KR20160132609A - Access Control Method to Server - Google Patents
- Publication number: KR20160132609A
- Authority: KR (South Korea)
- Prior art keywords: access control, password, control device, server, user
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The access control method according to the present invention is performed by the access control device in an environment including a user terminal, an administrator terminal, an access control device, and a management server. It comprises: a first step in which the access control device receives, from the user terminal, first data including an access control ID and password information; a second step in which the access control device reassembles the authentication packet containing the access control ID and password, among the packets of the first data received in the first step, to generate second data including an ID and a password connectable to the management server; and a third step in which the access control device transmits the second data to the managed server.
Description
The present invention relates to a user access control method for a managed server, and more particularly to an access control method by which a user can access the managed server without the access credentials for that server being directly exposed to the user.
To securely access the in-house information server used by a corporation or a financial institution, it is necessary to restrict privileges and bypass (detour) access by user, task, or role. A typical way for a user to access a management server through a terminal and perform a given operation is ID/password authentication. This conventional method is very vulnerable, however, because the ID/password can easily be leaked, for example through a keyboard hooking program.
To compensate for this vulnerability, additional authentication using an SMS authentication number or a one-time password (OTP) is used.
As the number of IDs and passwords a user must manage grows, ID/password-based authentication becomes inconvenient for the user, who must keep track of all of them; as a result, many users who access several managed servers use the same ID/password for all of them.
Even with additional authentication via an SMS authentication number or a one-time password, if the user's input is hooked, the ID/password information for accessing the managed server may be exposed, and as long as the user accesses the managed server directly, the possibility of someone working on that server with the exposed credentials remains.
It is an object of the present invention to provide an access control method that solves the above-described problem, which arises from directly exposing the access credentials of a managed server to the user.
The access control method according to the present invention is performed by the access control device in an environment including a user terminal, an administrator terminal, an access control device, and a management server. It comprises: a first step in which the access control device receives, from the user terminal, first data including an access control ID and password information; a second step in which the access control device reassembles the authentication packet containing the access control ID and password, among the packets of the first data received in the first step, to generate second data including an ID and a password connectable to the managed server; and a third step in which the access control device transmits the second data to the managed server.
The authentication packet reassembly process of the second step includes a step 2-1 of replacing the field of the authentication packet that contains the access control ID and password with an ID and a password connectable to the management server, and a step 2-2 of modifying other information related to that field.
Step 2-2 of modifying the other information may comprise modifying the size information of the authentication packet, modifying the packet arrangement according to the size information, and modifying the inner CRC value.
Preferably, the password is one-time password information.
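The reassembly of steps 2-1 and 2-2 in working form, as an added example that is not the patent's own code: the wire format (length prefix, ID/password fields, trailing CRC32), the vault contents and the user IP are constructed assumptions. The access control device first checks the user's access control ID and OTP-style password, then swaps in the vaulted managed-server credentials and regenerates the size field and inner CRC so the managed server sees a well-formed packet while the user never learns its real ID/password.

```python
import struct
import zlib

# Constructed packet layout (an assumption for this example, not the patent's wire format):
#   total_len (2 bytes BE) | id_len (1) | id | pw_len (1) | password | options (rest) | crc32 (4 bytes BE)
# total_len counts every byte including the CRC; the CRC covers every byte before it.

def build_auth_packet(user_id: str, password: str, options: bytes = b"") -> bytes:
    """Assemble a packet whose size field and inner CRC agree with its contents."""
    uid, pw = user_id.encode(), password.encode()
    body = bytes([len(uid)]) + uid + bytes([len(pw)]) + pw + options
    head = struct.pack(">H", 2 + len(body) + 4) + body
    return head + struct.pack(">I", zlib.crc32(head))

def parse_auth_packet(packet: bytes) -> tuple:
    """Check size information and the inner CRC, then return (id, password, options)."""
    end = len(packet) - 4                      # offset of the trailing CRC
    if len(packet) < 8 or struct.unpack(">H", packet[:2])[0] != len(packet):
        raise ValueError("size field does not match packet length")
    if struct.unpack(">I", packet[-4:])[0] != zlib.crc32(packet[:end]):
        raise ValueError("inner CRC mismatch")
    pw_pos = 3 + packet[2]                     # offset of pw_len, just after the id field
    if pw_pos >= end or pw_pos + 1 + packet[pw_pos] > end:
        raise ValueError("field lengths overrun the packet")
    uid = packet[3:pw_pos]
    pw = packet[pw_pos + 1:pw_pos + 1 + packet[pw_pos]]
    return uid.decode(), pw.decode(), packet[pw_pos + 1 + len(pw):end]

# Constructed vault keyed by user IP (the patent's account tables 32-1 and 32-2, one user only).
# The managed-server credential lives only here and is never shown to the user.
VAULT = {
    "10.0.0.5": {
        "access_control": ("alice", "otp-483920"),
        "managed_server": ("svc_unix_admin", "S3cr3t!Vaulted"),
    }
}

def reassemble_auth_packet(first_data: bytes, client_ip: str) -> bytes:
    """Step 2-1: swap the credential fields. Step 2-2: fix size info, layout and inner CRC."""
    entry = VAULT.get(client_ip)
    if entry is None:
        raise PermissionError("no account registered for this user IP")
    uid, pw, options = parse_auth_packet(first_data)
    if (uid, pw) != entry["access_control"]:
        raise PermissionError("access control ID/password rejected")
    # Swapping variable-length fields shifts every byte after them, so the length prefix
    # and the CRC are regenerated; fields the device does not own (options) are carried over.
    return build_auth_packet(*entry["managed_server"], options=options)
```

A real deployment would additionally bind the vault lookup to the authenticated session rather than the source IP alone, since IP-keyed accounts can be confused by NAT or spoofing.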
According to the present invention, security and management efficiency are improved because IDs and passwords connectable to the managed
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows an environment in which the present invention is carried out.
FIG. 2 is a flowchart of an access control method according to the present invention.
FIG. 3 is a flowchart of a process of generating a session key used in the access control method according to the present invention.
Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.
Encryption/decryption may be applied to the information (data) transmission processes described in this specification, and expressions describing the transmission of information (data) in this specification and the claims should be construed as including encryption/decryption even where it is not stated. As used herein, "transmission from A to B" or "reception by A from B" includes cases in which the data is transmitted or received through another intermediate transmission medium. In the description of the present invention, the order of the steps should be understood as non-limiting, unless a preceding step must logically and temporally be performed before the next step. That is, apart from such cases, performing a process described in a later step before a process described in an earlier step does not affect the essence of the invention, and the scope of the rights should be defined regardless of the order of the steps.
FIG. 1 shows an environment for performing the access control method according to the present invention and a relationship among the respective components.
As shown in FIG. 1, the environment in which the present invention is performed includes an
The
The access
The access
Next, the access control method according to the present invention will be described.
The administrator accesses the access control device through the
For example, the following table is recorded in the access control device account 32-1.
An ID and password are managed for each user IP. This ID and password mean the ID and password with which a user can access the
For example, the following table is recorded in the management target server account 32-2.
(Unix)
(Network)
For each server, the system ID and password of the public account and of the general account are recorded, and a field for the user-entered one-time password (OTP) is also provided.
The
When the user inputs an ID and a password that can be connected to the
In
The reassembled data of the authentication packet is transmitted to the managed server 40 (step 250), and the managed
The
The
3 shows a process of generating a session key between the
Before generating the session key, the security protocol exchange process is performed first.
The
The
According to the present invention, security and management efficiency are improved because IDs and passwords connectable to the managed
While the present invention has been described with reference to the accompanying drawings, it is to be understood that the scope of the present invention is defined by the claims that follow, and should not be construed as limited to the above-described embodiments and / or drawings. It is to be expressly understood that improvements, changes and modifications that are obvious to those skilled in the art are also within the scope of the present invention as set forth in the claims.
10: Administrator terminal
20: User terminal
30: access control device
40: Managed Server
Claims (4)
A first step in which the access control device receives first data including an access control ID and password information from the user terminal;
The access control apparatus reassembles the authentication packet including the access control ID and the password among the packets of the first data received in the first step to generate second data including an ID and a password connectable to the management server A second step,
And a third step of the access control device transmitting the second data to the managed server.
Access control method.
wherein the authentication packet reassembly process of the second step comprises a step 2-1 of replacing the field of the authentication packet that contains the access control ID and password with an ID and a password connectable to the management server,
and a step 2-2 of modifying other information related to that field of the authentication packet.
wherein step 2-2 of modifying the other information comprises
a step of modifying size information of the authentication packet, a step of modifying the packet sequence according to the size information, and a step of modifying an internal CRC value,
Access control method.
The password is one-time password information,
Access control method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150065350A KR20160132609A (en) | 2015-05-11 | 2015-05-11 | Access Control Method to Server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150065350A KR20160132609A (en) | 2015-05-11 | 2015-05-11 | Access Control Method to Server |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20160132609A (en) | 2016-11-21 |
Family
ID=57537857
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150065350A KR20160132609A (en) | 2015-05-11 | 2015-05-11 | Access Control Method to Server |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20160132609A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20200095146A (en) * | 2019-01-31 | 2020-08-10 | (주)아이티 노매즈 | Method for blocking loop around connection between servers and managing password utilizing imaginary account |
2015
- 2015-05-11 KR KR1020150065350A patent/KR20160132609A/en not_active Application Discontinuation
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |