CN209218131U - A kind of network authentication security management and control device - Google Patents


Info

Publication number: CN209218131U
Authority: CN (China)
Legal status: Active
Application number: CN201822017893.7U
Other languages: Chinese (zh)
Inventors: 张楠, 朱广新, 商莹楠
Current assignee: NARI Group Corp; Nari Technology Co Ltd
Original assignee: NARI Group Corp; Nari Technology Co Ltd
Prior art keywords: network, user, module, input terminal, subsystem
Landscapes: Computer And Data Communications (AREA)

Abstract

The utility model discloses a network authentication security management and control device. The device comprises a client, an authentication subsystem, a network control subsystem and a server terminal; the client has a bidirectional signal connection with the authentication subsystem and with the network control subsystem, and the authentication subsystem is also connected to the server terminal. The device ensures that when an abnormality occurs during a user's operation and access, that user's access can be restricted, so that the user's information is not infringed and the security of system data is ensured. Management and control starts when the user goes online and ends when the user goes offline, which guarantees safe use throughout the whole process; control is applied in real time, so access can be restricted as soon as an abnormality occurs. Through the authentication performed by the authentication subsystem, operation by someone other than the user can be stopped immediately and a warning issued, preventing that party from seeing the real user's browsing records and real personal information and thereby keeping the user's use safe.

Description

A kind of network authentication security management and control device
Technical field
The utility model relates to the technical field of network security, and in particular to a network authentication security management and control device.
Background art
With the rapid development of the Internet, the network has brought great convenience to people's lives and work, but it has also brought network security problems. Comprehensive control of a network can be achieved by deploying a security gateway at the network egress. A prior-art network control device includes: an attribute acquisition module for obtaining the dynamic attribute of a user identifier; a mode acquisition module for obtaining, according to a preset mapping between dynamic attributes and network control modes, the network control mode corresponding to the dynamic attribute of the user identifier; and a network control module for applying that network control mode to the network behavior corresponding to the user identifier. It further includes: an identifier acquisition module for obtaining the user identifier whose network behavior is abnormal; an attribute marking module for marking the user identifier with a dynamic attribute matching the network behavior abnormality; an attribute cancellation module for judging whether the network behavior abnormality has disappeared and, if so, removing the dynamic attribute that was marked on the user identifier for that abnormality; a time acquisition module for obtaining the control time for which the network control mode has been applied; and a control release module for judging whether the control time has reached a preset threshold and, if so, further judging whether the dynamic attribute of the user identifier still exists and, if not, releasing the network control mode applied to the network behavior corresponding to the user identifier.
However, this network control device has no definite access authentication and cannot ensure that users use the system safely. While a user is actually operating the system, inadequate control measures threaten both the security of the user's data and the security of the system itself.
Utility model content
Purpose of the utility model: the utility model provides a network authentication security management and control device that can ensure the user's safety in use.
Technical solution: a network authentication security management and control device comprising a client, an authentication subsystem, a network control subsystem and a server terminal. The client has a bidirectional signal connection with the authentication subsystem and with the network control subsystem, and the authentication subsystem is also connected to the server terminal. The authentication subsystem comprises a secure access module, a first processor, a memory, a data comparison module, a controller and an alert module. The input of the secure access module is connected to the output of the client, and the output of the secure access module is connected to the input of the first processor. The output of the first processor is connected to the input of the data comparison module, the input of the memory, the input of the controller and the server terminal respectively, and the first processor has a bidirectional signal connection with the data comparison module. The output of the controller is connected to the input of the alert module, and the output of the alert module is connected to the input of the client.
Further, the authentication subsystem also includes a database, which has a bidirectional signal connection with the data comparison module.
Further, the database contains a usage record area for the user and an identity information area for the user.
Further, the network control subsystem comprises a safety management module, a violation operation identification module, a second processor and a network permission control module. The input of the safety management module is connected to the output of the client, and the output of the safety management module is connected to the input of the violation operation identification module. The output of the violation operation identification module is connected to the input of the second processor, the output of the second processor is connected to the input of the network permission control module, and the output of the network permission control module is connected to the input of the client.
Further, the network permission control module divides users into three levels: administrator, advanced user and ordinary user.
Further, the network permission control module divides the user's access level into access forbidden, access allowed and access restricted.
Further, the client is a smart device connected to a wireless network.
Beneficial effects: the authentication security management and control device of the utility model ensures that when an abnormality occurs during a user's operation and access, that user's access can be restricted, so that the user's information is not infringed and the security of system data is ensured. Management and control starts when the user goes online and ends when the user goes offline, which guarantees safe use throughout the whole process; control is applied in real time, so access can be restricted as soon as an abnormality occurs. Through the authentication performed by the secure access module, operation by someone other than the user can be stopped immediately and a warning issued, preventing that party from seeing the real user's browsing records and real personal information and thereby keeping the user's use safe.
Brief description of the drawings
Fig. 1 is a block diagram of the network authentication security management and control device of the utility model;
Fig. 2 is a block diagram of the network control subsystem of the utility model.
Specific embodiments
The utility model is further described below.
As shown in Fig. 1 and Fig. 2, the network authentication security management and control device provided by the utility model comprises a client, a server terminal, an authentication subsystem connecting the client and the server terminal, and a network control subsystem with a bidirectional signal connection to the client. The authentication subsystem authenticates the user's login by comparing the user's identity information with the identity information stored in the database. Normal operation is possible only once authentication has completed; if authentication does not complete, the user cannot connect to the system, which protects the user's data. The network control subsystem supervises the system while it is actually in use: it identifies and controls violating operations and restricts network permissions according to user level, ensuring security during use.
The authentication subsystem comprises a secure access module, a first processor, a data comparison module, a database, a memory, an alert module and a controller. The input of the secure access module is connected to the output of the client, and its output is connected to the first processor. The secure access module mainly performs the authentication function and monitors the user's identity information and the authentication process. During authentication the user is required to enter account information and a password. After the first authentication completes, the user's usage records are mixed with other usage records in shuffled order and the user is asked to select among them, with only one fault-tolerant chance, to complete the second authentication. This prevents an illegitimate back end from getting into the user's account with the account name and repeated password attempts and stealing the user's usage data.
The database has multiple partitions, including the user's usage record area and the user's identity information area. During the first authentication, the identity information area is read and compared with the identity information used to log in; during the second authentication, the usage record area is read and compared with the usage record the user selected.
The memory, the controller and the data comparison module are each connected to the output of the first processor. The memory holds the user's identity information: when the password is entered incorrectly the first time and the login page is shown again after the warning page, the user's account information is refreshed onto the new page, so the user only needs to re-enter the password to complete the first authentication and does not need to enter the account again, which improves the user experience. The data comparison module compares the password belonging to the account in the identity information area of the database with the password the user entered, and compares the usage record belonging to the account in the usage record area with the usage record the user selected, thereby completing the first and second authentications. The controller is also connected to the alert module. The controller mainly responds to the processing result of the first processor: if the authentication is abnormal, a warning is sent to the client through the alert module, protecting the user's data.
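The two-stage check described above, sketched as an added example; it is not code from the patent or from the assignee. The class and function names, the PBKDF2 password hashing, the three decoy records per challenge, and the reading of "one fault-tolerant chance" as one tolerated wrong selection are all assumptions.

```python
import hashlib
import hmac
import os
import secrets

MAX_WRONG_PICKS = 1   # assumed reading of "one fault-tolerant chance"
DECOYS_SHOWN = 3      # assumed number of other users' records per challenge
rng = secrets.SystemRandom()  # CSPRNG so the option order is unpredictable


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthSubsystem:
    def __init__(self, identity_area, usage_area, other_records):
        self.identity_area = identity_area  # account -> (salt, password hash)
        self.usage_area = usage_area        # account -> genuine usage records
        self.other_records = other_records  # records of other users (decoys)
        self.pending = {}                   # account -> open second-stage challenge
        self.alerts = []                    # stands in for the alert module

    def first_auth(self, account, password):
        """Stage 1: password check. Returns the shuffled challenge or None."""
        entry = self.identity_area.get(account)
        salt, stored = entry if entry else (b"\0" * 16, b"")
        # Hash even for unknown accounts so both failures cost the same work.
        matches = hmac.compare_digest(hash_password(password, salt), stored)
        if entry is None or not matches:
            self.alerts.append((account, "password mismatch"))
            return None
        own = self.usage_area[account]
        genuine = rng.choice(own)
        decoys = [r for r in self.other_records if r not in own]
        options = rng.sample(decoys, DECOYS_SHOWN) + [genuine]
        rng.shuffle(options)
        self.pending[account] = {"genuine": genuine, "wrong": 0}
        return options

    def second_auth(self, account, selected):
        """Stage 2: returns 'granted', 'retry' or 'denied'."""
        state = self.pending.get(account)
        if state is None:
            return "denied"  # no successful stage 1, or challenge already closed
        if hmac.compare_digest(selected.encode(), state["genuine"].encode()):
            del self.pending[account]
            return "granted"
        state["wrong"] += 1
        if state["wrong"] > MAX_WRONG_PICKS:
            del self.pending[account]  # challenge closed: stage 1 must be redone
            self.alerts.append((account, "usage-record challenge failed"))
            return "denied"
        return "retry"


def build_demo():
    """Constructed sample data; none of it comes from the patent."""
    salt = os.urandom(16)
    identity = {"alice": (salt, hash_password("correct horse", salt))}
    usage = {"alice": ["2018-11-20 viewed billing report"]}
    others = ["2018-11-19 exported meter data", "2018-11-18 edited profile",
              "2018-11-21 opened ticket 14", "2018-11-17 reset dashboard"]
    return AuthSubsystem(identity, usage, others)


if __name__ == "__main__":
    auth = build_demo()
    print(auth.first_auth("alice", "correct horse"))
    print(auth.second_auth("alice", "2018-11-20 viewed billing report"))
```

Closing the challenge after the second wrong selection forces a fresh password check, so the record selection cannot be brute-forced against a single stage-one success.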
The network control subsystem comprises a safety management module, a violation operation identification module, a second processor and a network permission control module. The safety management module monitors in real time the user's online and offline times, access traffic information, client device, IP address and so on. The output of the safety management module has a signal connection to the input of the violation operation identification module. The violation operation identification module uses filtering and capture functions to capture and analyze the information, and raises an alarm to the administrator when a violation is found. The output of the violation operation identification module has a signal connection to the input of the second processor, and the output of the second processor has a signal connection to the input of the network permission control module. The network permission control module divides users into three classes, administrator, advanced user and ordinary user, and users of different levels can access different ranges of the network. There are also three access levels for users: access forbidden, access allowed and access restricted. This protects the data of both the user and the system.
The client is a smart device connected to a wireless network. Different processing modes and interfaces are provided for different devices, such as mobile phones and computers. On a mobile phone the authentication page is placed in the middle; on a computer the authentication page is placed at the right of the page, and the left can carry feature advertisements or promotional videos of the website. Even among computer pages, different models differ slightly, for example in the page size of the site authentication page, the font size, and the layout ratio between the promotional page and the authentication page; depending on the computer model, the ratio is 5:5 or 6:4.
The secure access module uses RADIUS to verify the username and password entered at the client. It has a fast response and processing speed, strong anti-virus capability, and a strong ability to distinguish real users from illegitimate back ends. The first processor is a dual-core processor, model Pentium EE, capable of multithreaded task processing: when several tasks need handling by the first processor it can process them simultaneously, which sustains task processing speed, and the different processing tasks do not affect one another. The memory is a 16-core model E5-2670V3 with 2*480G SSD hard disks. The memory is used only to hold users' identity accounts; an association function is available when a user enters an account, which improves the user experience. Identity accounts are digital information and take little storage space, but to allow long continuous use a memory with a large storage space is used, so that data overflow does not occur later in use. The second processor is model Pentium D 965 and further processes the identification results of the violation operation identification module. Because each user generates a large data flow in use, the violation operation identification module retains only abnormal data, but the volume to process is still very large, so a processor is needed that can handle large amounts of data and does not easily crash during data processing.
The user logs in through the client. The secure access module verifies the username and password and monitors the identity information and the authentication process in real time. The secure access module passes the verification information signal to the first processor. The first processor temporarily stores the identity information in the memory and passes the verification information to the data comparison module. The data comparison module retrieves the identity information in the database for comparison, returns the comparison result to the first processor, and feeds information back to the database. If the comparison succeeds, verification is complete. If the identity information does not match, the first processor issues an instruction to the controller, and the controller warns the user of the client through the alert module. While the user is using the network normally, the safety management module monitors in real time the user's online and offline times, access traffic information, client device and IP address and passes this usage information to the violation operation identification module. The violation operation identification module identifies abnormal behavior and passes the identification result to the second processor. The second processor checks the user's level information through the network permission control module and restricts the user's abnormal operations according to the user level, thereby achieving network monitoring.

Claims (7)

1. A network authentication security management and control device, characterized in that: the device comprises a client, an authentication subsystem, a network control subsystem and a server terminal; the client has a bidirectional signal connection with the authentication subsystem and with the network control subsystem, and the authentication subsystem is also connected to the server terminal; wherein the authentication subsystem comprises a secure access module, a first processor, a memory, a data comparison module, a controller and an alert module; the input of the secure access module is connected to the output of the client, and the output of the secure access module is connected to the input of the first processor; the output of the first processor is connected to the input of the data comparison module, the input of the memory, the input of the controller and the server terminal respectively, and the first processor has a bidirectional signal connection with the data comparison module; the output of the controller is connected to the input of the alert module, and the output of the alert module is connected to the input of the client.
2. The network authentication security management and control device according to claim 1, characterized in that: the authentication subsystem further includes a database, which has a bidirectional signal connection with the data comparison module.
3. The network authentication security management and control device according to claim 2, characterized in that: the database contains a usage record area for the user and an identity information area for the user.
4. The network authentication security management and control device according to claim 1, characterized in that: the network control subsystem comprises a safety management module, a violation operation identification module, a second processor and a network permission control module; the input of the safety management module is connected to the output of the client, the output of the safety management module is connected to the input of the violation operation identification module, the output of the violation operation identification module is connected to the input of the second processor, the output of the second processor is connected to the input of the network permission control module, and the output of the network permission control module is connected to the input of the client.
5. The network authentication security management and control device according to claim 4, characterized in that: the network permission control module divides users into three levels: administrator, advanced user and ordinary user.
6. The network authentication security management and control device according to claim 4, characterized in that: the network permission control module divides the user's access level into access forbidden, access allowed and access restricted.
7. The network authentication security management and control device according to claim 1, characterized in that: the client is a smart device connected to a wireless network.
Priority application: CN201822017893.7U, priority date 2018-11-27, filing date 2018-11-27, title "A kind of network authentication security management and control device", status Active, published as CN209218131U (en)
Publication: CN209218131U, publication date 2019-08-06
Family ID: 67462707
Country: CN

Legal Events

Date Code Title Description
GR01 Patent grant