[go: up one dir, main page]

CN114257445B - Information control method for preventing user from instant multi-dialing authentication access - Google Patents

Information control method for preventing user from instant multi-dialing authentication access Download PDF

Info

Publication number
CN114257445B
CN114257445B CN202111563851.3A CN202111563851A CN114257445B CN 114257445 B CN114257445 B CN 114257445B CN 202111563851 A CN202111563851 A CN 202111563851A CN 114257445 B CN114257445 B CN 114257445B
Authority
CN
China
Prior art keywords
user
authentication
dialing
time
blacklist
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111563851.3A
Other languages
Chinese (zh)
Other versions
CN114257445A (en
Inventor
李永明
曹万俊
王雄奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Fufu Information Technology Co Ltd
Original Assignee
China Telecom Fufu Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Fufu Information Technology Co Ltd filed Critical China Telecom Fufu Information Technology Co Ltd
Priority to CN202111563851.3A priority Critical patent/CN114257445B/en
Publication of CN114257445A publication Critical patent/CN114257445A/en
Application granted granted Critical
Publication of CN114257445B publication Critical patent/CN114257445B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a signal control method for preventing a user from instant multi-dialing authentication access, which comprises the steps of establishing a corresponding blacklist management mechanism, acquiring whether the user is blacklist user and the latest internet surfing authentication time information when the user is in internet surfing authentication, updating the internet surfing authentication time of the user in the blacklist to be microsecond if the user is in the blacklist and the latest internet surfing time is out of the internet surfing dialing time range, and utilizing a database line-level locking mechanism to avoid the problem that a service system can not process a session number check on the internet surfing authentication request at the same time under the condition of no session.

Description

Information control method for preventing user from instant multi-dialing authentication access
Technical Field
The invention relates to the technical field of wide access, in particular to a signal control method for preventing a user from instantaneously dialing to authenticate access.
Background
In the daily operation and maintenance process of broadband network service of telecom operators, under the high-flow high-concurrency service operation environment, users are frequently found to utilize dialing software to carry out instant concurrency dialing, and in this case, because a telecom operator authentication system does not establish user session information yet, the telecom operator is prevented from controlling session number service, and the purpose of occupying multiple bandwidth resources is achieved.
Disclosure of Invention
The invention aims to provide a signal control method for preventing a user from instant multi-dialing authentication access.
The technical scheme adopted by the invention is as follows:
a signal control method for preventing user from instant multi-dialing authentication access comprises the following steps:
step 1, a black and white list user mechanism is established, a newly built broadband user defaults to a black list user,
step 2, when the user dials on the internet, the user information is acquired to carry out pre-authentication;
step 3, judging whether the front authentication passes or not; if yes, reading a user blacklist and the latest internet surfing authentication time information and executing the step 4; otherwise, the authentication fails to disconnect the current dialing;
step 4, judging whether the user is a blacklist user or not; if yes, executing the step 5; otherwise, carrying out subsequent dialing;
step 5, judging whether the blacklist user is in the time range of allowing the internet surfing dialing again; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing the step 6; otherwise, the authentication fails to disconnect the current dialing;
step 6, judging whether the current dialing transaction is in a lock conflict or not, namely, one record is simultaneously modified by another transaction (by utilizing a database transaction lock management mechanism, one record is simultaneously only allowed to be modified by one transaction); if yes, the authentication fails to disconnect the current dialing; otherwise, executing the step 7;
step 7, judging whether the user is legal for performing N-only authentication, namely the number of online sessions of the user account does not exceed the specified number (an algorithm that an application system controls the user account to only allow the specified number of sessions to be online at the same time); if yes, carrying out subsequent dialing; otherwise, the authentication fails to disconnect the current dialing.
Further, in the step 1, the users who specify the white list domain name are forbidden to be placed in the black list user management table; when the user is on sale, the data in the blacklist user table is cleared.
Further, the pre-authentication in the step 2 comprises user name password verification, shutdown verification and binding verification.
Further, in step 5, the condition of allowing the dial-up time to be on the internet again is that the dial-up time is 10 seconds after the last dial-up time.
Further, in step 5, in order to adapt to the high-flow high-concurrency service operation environment, the time comparison is accurate to microsecond level.
Further, in step 6, a database line-level locking mechanism is utilized to avoid the problem that the user cannot check the session number when the user accesses the internet at the same time under the condition of no session.
By adopting the technical scheme, by establishing a corresponding blacklist management mechanism, the invention acquires whether the user is a blacklist user or not and the latest internet surfing authentication time information when the user surfing authentication is performed, if the user is in the blacklist and the latest internet surfing time is forbidden to be surfing dialing time range again (in order to adapt to a high-flow high-concurrency service operation environment, time comparison is accurate to microsecond), the internet surfing authentication time of the user in the blacklist is updated, the time is accurate to microsecond, and a database line-level locking mechanism is utilized, so that the problem that a service system can not process a session number verification when a user surfing authentication request is performed under the condition of no session is solved.
Drawings
The invention is described in further detail below with reference to the drawings and detailed description;
FIG. 1 is a schematic diagram of a signaling method for preventing a user from accessing instant multi-dialing authentication according to the present invention;
fig. 2 is a flow chart of a signaling control method for preventing a user from instant multi-dialing authentication access according to the present invention.
Detailed Description
For the purposes, technical solutions and advantages of the embodiments of the present application, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
As shown in fig. 1 or 2, the invention discloses a signaling control method for preventing a user from accessing instant multi-dialing authentication, which comprises the following steps:
step 1, a black and white list user mechanism is established, a newly built broadband user defaults to a black list user,
step 2, when the user dials on the internet, the user information is acquired to carry out pre-authentication;
step 3, judging whether the front authentication passes or not; if yes, reading a user blacklist and the latest internet surfing authentication time information and executing the step 4; otherwise, the authentication fails to disconnect the current dialing;
step 4, judging whether the user is a blacklist user or not; if yes, executing the step 5; otherwise, carrying out subsequent dialing;
step 5, judging whether the blacklist user is in the time range of allowing the internet surfing dialing again; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing the step 6; otherwise, the authentication fails to disconnect the current dialing;
step 6, judging whether the current dialing transaction is in a lock conflict or not, namely, one record is simultaneously modified by another transaction (by utilizing a database transaction lock management mechanism, one record is simultaneously only allowed to be modified by one transaction); if yes, the authentication fails to disconnect the current dialing; otherwise, executing the step 7;
step 7, judging whether the user is legal for performing N-only authentication, namely the number of online sessions of the user account does not exceed the specified number (an algorithm that an application system controls the user account to only allow the specified number of sessions to be online at the same time); if yes, carrying out subsequent dialing; otherwise, the authentication fails to disconnect the current dialing.
Further, in the step 1, the users who specify the white list domain name are forbidden to be placed in the black list user management table; when the user is on sale, the data in the blacklist user table is cleared.
Further, the pre-authentication in the step 2 comprises user name password verification, shutdown verification and binding verification.
Further, in step 5, the condition of allowing the dial-up time to be on the internet again is that the dial-up time is 10 seconds after the last dial-up time.
Further, in step 5, in order to adapt to the high-flow high-concurrency service operation environment, the time comparison is accurate to microsecond level.
Further, in step 6, a database line-level locking mechanism is utilized to avoid the problem that the user cannot check the session number when the user accesses the internet at the same time under the condition of no session.
By adopting the technical scheme, by establishing a corresponding blacklist management mechanism, the invention acquires whether the user is a blacklist user or not and the latest internet surfing authentication time information when the user surfing authentication is performed, if the user is in the blacklist and the latest internet surfing time is forbidden to be surfing dialing time range again (in order to adapt to a high-flow high-concurrency service operation environment, time comparison is accurate to microsecond), the internet surfing authentication time of the user in the blacklist is updated, the time is accurate to microsecond, and a database line-level locking mechanism is utilized, so that the problem that a service system can not process a session number verification when a user surfing authentication request is performed under the condition of no session is solved.
It will be apparent that the embodiments described are some, but not all, of the embodiments of the present application. Embodiments and features of embodiments in this application may be combined with each other without conflict. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the detailed description of the embodiments of the present application is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.

Claims (6)

1. A signal control method for preventing user from instant multi-dialing authentication access is characterized in that: which comprises the following steps:
step 1, a black and white list user mechanism is established, a newly built broadband user defaults to a black list user,
step 2, when the user dials on the internet, the user information is acquired to carry out pre-authentication;
step 3, judging whether the front authentication passes or not; if yes, reading a user blacklist and the latest internet surfing authentication time information and executing the step 4; otherwise, the authentication fails to disconnect the current dialing;
step 4, judging whether the user is a blacklist user or not; if yes, executing the step 5; otherwise, carrying out subsequent dialing;
step 5, judging whether the blacklist user is in the time range of allowing the internet surfing dialing again; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing the step 6; otherwise, the authentication fails to disconnect the current dialing;
step 6, judging whether the current dialing transaction is in a lock conflict or not, namely, one record is simultaneously modified by another transaction; if yes, the authentication fails to disconnect the current dialing; otherwise, executing the step 7;
step 7, judging whether the N-only authentication of the user is legal or not, namely the number of online session of the user account does not exceed the specified number; if yes, carrying out subsequent dialing; otherwise, the authentication fails to disconnect the current dialing.
2. The method for preventing access to instantaneous multi-dial authentication of a user according to claim 1, wherein: in step 1, the users who specify the white list domain name are forbidden to be placed in the blacklist user management table.
3. The method for preventing access to instantaneous multi-dial authentication of a user according to claim 1, wherein: and (3) when the user is on sale in the step (1), clearing the data in the blacklist user table.
4. The method for preventing access to instantaneous multi-dial authentication of a user according to claim 1, wherein: the pre-authentication in the step 2 comprises user name password verification, shutdown verification and binding verification.
5. The method for preventing access to instantaneous multi-dial authentication of a user according to claim 1, wherein: in step 5, the condition of allowing the dial-up time to be on the internet again is that the dial-up time can be 10 seconds after the last dial-up time.
6. The method for preventing access to instantaneous multi-dial authentication of a user according to claim 1, wherein: and under the high-flow high-concurrency service operation environment, the time comparison in the step 5 is accurate to microsecond level.
CN202111563851.3A 2021-12-20 2021-12-20 Information control method for preventing user from instant multi-dialing authentication access Active CN114257445B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111563851.3A CN114257445B (en) 2021-12-20 2021-12-20 Information control method for preventing user from instant multi-dialing authentication access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111563851.3A CN114257445B (en) 2021-12-20 2021-12-20 Information control method for preventing user from instant multi-dialing authentication access

Publications (2)

Publication Number Publication Date
CN114257445A CN114257445A (en) 2022-03-29
CN114257445B true CN114257445B (en) 2023-05-26

Family

ID=80796020

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111563851.3A Active CN114257445B (en) 2021-12-20 2021-12-20 Information control method for preventing user from instant multi-dialing authentication access

Country Status (1)

Country Link
CN (1) CN114257445B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115085973B (en) * 2022-05-17 2024-03-12 度小满科技(北京)有限公司 White list processing method, white list processing device, storage medium and computer terminal
CN118138377B (en) * 2024-05-06 2024-07-12 北京首信科技股份有限公司 Method and device for fixed network signal control and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6088451A (en) * 1996-06-28 2000-07-11 Mci Communications Corporation Security system and method for network element access
JP2003178029A (en) * 2001-12-12 2003-06-27 Nec Corp Authentication managing system and method, authentication server, session managing server and program
CN102257790A (en) * 2009-11-26 2011-11-23 华为技术有限公司 Method, system and device for user dial authentication
CN105516064A (en) * 2014-09-26 2016-04-20 中国移动通信集团浙江有限公司 A dial-up device bandwidth access method, device and server

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020090089A1 (en) * 2001-01-05 2002-07-11 Steven Branigan Methods and apparatus for secure wireless networking
US8064882B2 (en) * 2007-03-09 2011-11-22 Cisco Technology, Inc. Blacklisting of unlicensed mobile access (UMA) users via AAA policy database

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6088451A (en) * 1996-06-28 2000-07-11 Mci Communications Corporation Security system and method for network element access
JP2003178029A (en) * 2001-12-12 2003-06-27 Nec Corp Authentication managing system and method, authentication server, session managing server and program
CN102257790A (en) * 2009-11-26 2011-11-23 华为技术有限公司 Method, system and device for user dial authentication
CN105516064A (en) * 2014-09-26 2016-04-20 中国移动通信集团浙江有限公司 A dial-up device bandwidth access method, device and server

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
WLAN无感知认证关键技术探讨;李林江;《电信科学》;全文 *
宽带接入中的认证技术分析;叶群桥 等;《电脑知识与技术》;全文 *

Also Published As

Publication number Publication date
CN114257445A (en) 2022-03-29

Similar Documents

Publication Publication Date Title
KR100578685B1 (en) Method and system for checking authentication of a first communication subscriber in a communication network
US9021570B2 (en) System, control method therefor, service providing apparatus, relay apparatus and computer-readable medium
CN101009005B (en) Method, system and platform for securing safety of payment based on internet
CN114257445B (en) Information control method for preventing user from instant multi-dialing authentication access
WO2017091401A1 (en) Identity authentication method, system, business server and authentication server
US7454794B1 (en) Access control method
CN105827624A (en) Identity verifying system
CN106060034A (en) Account login method and device
US9942391B2 (en) Conference access method and apparatus
US20090260066A1 (en) Single Sign-On To Administer Target Systems with Disparate Security Models
CN105681047A (en) CA certificate issuance method and system
CN112685718A (en) Method for invalidating original access token during multi-terminal login of same account based on OAuth protocol
CN110049031A (en) A kind of interface security authentication method and server, authentication center's server
CN102480487B (en) Multi-user on-line video game method based on authentication and system thereof
CN101815135B (en) Implementation method for building service platform between telephone line and service system
AU2007325944A1 (en) Apparatus and method for automated inventory tracking and authentication
CN114257451A (en) Verification interface replacing method and device, storage medium and computer equipment
US8954547B2 (en) Method and system for updating the telecommunication network service access conditions of a telecommunication device
KR20150053422A (en) Certification telephone number management server and method for managing certification telephone number, and electronic business server and method for certificating electronic business
US7631344B2 (en) Distributed authentication framework stack
CN102257790B (en) Method, system and device for user dial authentication
CN116249113A (en) Verification authorization method and device for virtual image of meta-universe, electronic equipment and storage medium
KR100964505B1 (en) Method and device for web application security using security tag
CN100355313C (en) Method for preventing terminal user from illegal roaming
CN111709803A (en) Method and system for preventing unauthorized business handling

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant