
Data connection method, system and device

A data connection method and system, applied in the field of communication, that addresses problems such as excessive time and resource consumption, increased deployment work, and the lack of access authentication and filtering.

Status: Inactive. Publication Date: 2017-07-07
Applicant: BEIJING LEADSEC TECH

AI Technical Summary

Problems solved by technology

[0006] 1) From the perspective of security: a. The traditional authentication gateway solution only verifies the user's identity during access authentication. After authentication is completed, all access control of the client is converted into a policy based on the IP address. Usually there is a large open network between the user network and the information center, in which addresses can easily be spoofed or impersonated.
b. In the VPN tunnel encapsulation scheme, the egress gateway of the user network is reduced in role and lacks basic access authentication and filtering. The ingress gateway of the information center becomes the access bottleneck; it may face a large volume of unauthenticated illegal access and is vulnerable to denial of service attacks.
[0007] 2) From the perspective of performance: in the tunnel encapsulation scheme, establishing the tunnel and reassembling the message consume more time and resources, which may cause a sharp drop in network throughput, and the ingress gateway of the information center needs stronger processing capacity, otherwise it is difficult to sustain a large number of concurrent user accesses.
In the same way, for the large number of old client hosts in the user network, the hardware configuration is sometimes not adequate.
[0008] 3) From the perspective of deployment: in the VPN tunnel solution, depending on the encapsulation method, the source address, destination address or access path of the network message is usually changed to varying degrees, and the servers or application programs in the original information center may need to be modified or rewritten.
At the same time, this type of solution requires a VPN client program to be installed on each client host, which, in addition to increasing the deployment work, also causes a large number of compatibility issues.


Examples


Embodiment 1

[0115] As shown in Figure 5, this embodiment provides a data connection method comprising:

[0116] Step S11: After the authentication access gateway obtains the data connection message sent by the terminal device, it judges whether the terminal device passes the authentication;

[0117] Step S12: The authentication access gateway performs corresponding processing on the data connection message according to the judgment result, and then sends the processed data connection message to the authorization control gateway;

[0118] Step S13: The authorization control gateway judges whether to send the data connection message to the server according to the authorization policy corresponding to the terminal device.

[0119] Optionally, the method also includes:

[0120] Step S14: After the authentication access gateway receives the authentication information and identity sent by the authentication client on the terminal device, the authentication access gateway verifies the au...

Embodiment 2

[0142] The technical solution of the present invention is further described below.

[0143] 1. Authentication process

[0144] 1. The user starts the authentication client, inserts the certificate or enters the account password, and the authentication client requests the authentication access gateway to establish a connection;

[0145] If the user inserts a certificate, the authentication client submits the ID and the certificate information to the authentication access gateway; if the user enters the account password, it submits the ID to the authentication access gateway. Usually the ID is a 4-byte or 8-byte integer.

[0146] 2. The authentication access gateway verifies the validity of the account password or certificate;

[0147] If the password is wrong or the certificate is invalid, the authentication will fail; if the password verification is passed or the certificate is valid, the authentication will pass, and at this time, the mapping relationship between the identity and the source address will b...

Embodiment 3

[0163] As shown in Figure 7, this embodiment provides a data connection system that includes an authentication access gateway 11 and an authorization control gateway 12:

[0164] The authentication access gateway 11 is used to judge, after obtaining the data connection message sent by the terminal device, whether the terminal device has passed authentication; it is also used to perform the corresponding processing on the data connection message according to the judgment result and to send the processed data connection message to the authorization control gateway;

[0165] The authorization control gateway 12 is configured to determine whether to send the data connection message to the server according to the authorization policy corresponding to the terminal device.

[0166] Optionally,

[0167] The authentication access gateway 11 determining whether the terminal device is authenticated specifically means:

[0168] Comparing the source address of the data co...


Abstract

The invention provides a data connection method. The method comprises the following steps: an authentication access gateway acquires a data connection message sent by terminal equipment and then judges whether the terminal equipment has been successfully authenticated; the authentication access gateway processes the data connection message according to the judgment result, and then sends the processed data connection message to an authorization control gateway; and the authorization control gateway judges whether to send the data connection message to a server according to an authorization policy corresponding to the terminal equipment. According to the above scheme, through the complete separation of authentication and authorization, a more effective and secure network access control and authorization method is provided, and at the same time IP address impersonation attacks can be effectively prevented.
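A minimal model of the two-gateway flow described in Embodiments 1 to 3 (steps S11 to S13, the identity-to-source-address mapping of [0147] and the source-address comparison of [0168]), written as an added example and not code from the patent or its owner. The patent does not say how the authorization control gateway verifies that a message really passed through the authentication access gateway, so the HMAC stamp, the shared key, and forwarding unauthenticated messages unstamped are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed secret shared by the two gateways (assumption: the patent does not say
# how the authorization gateway verifies a message passed through the authentication
# access gateway; an HMAC stamp over source address and identity is used here).
GATEWAY_KEY = b"constructed-demo-key"
@dataclass
class Message:
    src: str                          # source address of the terminal device
    server: str                       # target server in the information center
    identity: Optional[int] = None    # 4- or 8-byte integer ID ([0145]), set by gateway
    stamp: Optional[bytes] = None     # gateway-to-gateway stamp (assumption)
def _stamp(src: str, identity: int) -> bytes:
    return hmac.new(GATEWAY_KEY, f"{src}|{identity}".encode(), hashlib.sha256).digest()

class AuthenticationAccessGateway:
    """Steps S11/S12: verify credentials once, then bind identity to source address."""
    def __init__(self, credentials: dict):
        self.credentials = credentials    # identity -> password (constructed store)
        self.sessions = {}                # source address -> identity ([0147])

    def authenticate(self, identity: int, password: str, src: str) -> bool:
        if self.credentials.get(identity) != password:
            return False                  # wrong password: authentication fails
        self.sessions[src] = identity     # record the identity/source-address mapping
        return True

    def process(self, msg: Message) -> Message:
        # S11: compare the source address with the mapping ([0168]); S12: stamp
        # authenticated messages, forward unauthenticated ones unstamped (assumption).
        identity = self.sessions.get(msg.src)
        if identity is not None:
            msg.identity, msg.stamp = identity, _stamp(msg.src, identity)
        return msg

class AuthorizationControlGateway:
    """Step S13: per-identity policy decides whether the server receives the message."""
    def __init__(self, policy: dict):
        self.policy = policy              # identity -> set of permitted servers

    def admit(self, msg: Message) -> bool:
        if msg.identity is None or msg.stamp is None:
            return False                  # never authenticated: drop
        if not hmac.compare_digest(_stamp(msg.src, msg.identity), msg.stamp):
            return False                  # stamp does not match this source address
        return msg.server in self.policy.get(msg.identity, set())
```

A message that reaches the authorization control gateway from a spoofed address, or with a self-asserted identity, carries no valid stamp and is refused regardless of the policy.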

Description

Technical field
[0001] The present invention relates to the communication field, in particular to a data connection method, system and device.
Background technique
[0002] As shown in Figure 1, in some large cross-regional enterprises or industries there are hundreds of user networks and multiple information centers. Each user network and information center is connected through a dedicated wide area network, and all of the networks are peer nodes; there is no Network Address Translation (NAT). Clients located in a user network often need to access multiple different information centers at the same time. Usually each information center belongs to a different competent department, which requires its own authorization for different visiting users; this kind of authorization management is usually decided by the respective information center's competent department, and unified authorization management for the whole industry cannot be carried out. Such enter...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 谭锋, 孟庆森
Owner BEIJING LEADSEC TECH