CN108040033A - Intranet security cut-in method and system based on cloud computing and mobile common platform - Google Patents
- Publication number: CN108040033A
- Authority: CN (China)
- Prior art keywords: fingerprint, typing, intranet, initial, module
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Abstract
The invention discloses a method and system for secure intranet access based on cloud computing and a mobile public platform. The method comprises initial fingerprint entry and fingerprint identification. Initial fingerprint entry includes: transmitting the entered initial fingerprint to a terminal server, which converts the entered fingerprint into fingerprint information and uploads it to a fingerprint library in the cloud. Fingerprint identification includes: capturing the fingerprint of the person logging in and retrieving fingerprint information from the fingerprint library; comparing the captured fingerprint with the retrieved fingerprint information; and entering the intranet after the comparison succeeds. The method is equipped with a dedicated encryption card that can connect to the company's intranet security platform, so that mobile work terminals can access the company intranet safely and reliably, and it provides a mobile phone terminal that supports an external fingerprint collector, thereby improving the security of the data-exchange interface between the internal and external networks.
Description
Technical field
The invention relates to the field of network security technology, and in particular to a method and system for secure intranet access based on cloud computing and a mobile public platform.
Background
With the rapid development of informatization, organizations have more and more internal computer terminals. How to manage secure network access for intranet terminals, and how to prevent leakage of terminal data, has become a primary concern for enterprises.
At present, the network access control technology of most intranet security management systems is based on a "scan, discover, block" working mode: the management center of the network access control system continuously scans the network and checks the legitimacy of each scanned computer to determine whether the terminal is an authorized one. When a terminal is found to be unauthorized, ARP spoofing is used to block it from accessing the network.
This technology has the following deficiencies:
1. Unauthorized terminals can survive on the network for a period of time
Because every address on the entire network must be scanned, there is a scan interval for each address. During that interval an unauthorized terminal can survive on the network, and in that time an attacker may already have completed part of an attack.
2. In some cases, the network access control system cannot discover unauthorized terminals that have connected
Because the network range to be scanned must be specified, when the address used by an unauthorized terminal lies outside the specified scan range, the network access control system cannot "discover" the connected device.
3. Valuable network resources are consumed
The network access control system must scan the network continuously in order to find unauthorized terminals, which consumes a large amount of valuable network resources. The problem is especially pronounced in large networks.
Summary of the invention
In view of the above deficiencies in the prior art, the invention provides a method for secure intranet access based on cloud computing and a mobile public platform, so as to achieve management and control of terminal security.
To solve the above technical problem, the invention adopts the following technical solution:
A method for secure intranet access based on cloud computing and a mobile public platform, comprising: initial fingerprint entry and fingerprint identification.
The initial fingerprint entry includes:
S1. Transmitting the entered initial fingerprint to the terminal server;
S2. The terminal server converts the entered fingerprint into fingerprint information and uploads it to the fingerprint library in the cloud.
The fingerprint identification includes:
S3. Capturing the fingerprint of the person logging in and retrieving fingerprint information from the fingerprint library;
S4. Comparing the captured fingerprint with the retrieved fingerprint information, and entering the intranet after the comparison succeeds.
Preferably, in step S1, the initial fingerprint is entered through a fingerprint module, which is connected to the terminal server through either a USB or a UART communication interface.
Preferably, the fingerprint module is connected to a single-chip microcomputer, which supplies the power input of the fingerprint module so that the module operates and completes the corresponding commands.
Preferably, the fingerprint module and the server terminal communicate by half-duplex asynchronous serial communication at a baud rate of 57600 bps. The transmitted frame format is 10 bits, of which 1 bit is at zero level, 8 are data bits and 2 are stop bits.
Preferably, in step S2, the fingerprint information is a fingerprint feature code, and each fingerprint feature code corresponds to 384 bytes.
Preferably, in step S2, the fingerprint information is a fingerprint feature code and a fingerprint image, and each fingerprint feature code corresponds to 384 bytes.
Preferably, in step S4, the 384 bytes of the fingerprint feature code retrieved from the fingerprint library are compared with the 384 bytes of the fingerprint feature code captured from the person logging in.
Another object of the invention is to provide a system for secure intranet access based on cloud computing and a mobile public platform, comprising an initial fingerprint entry unit and a fingerprint identification unit.
The initial fingerprint entry unit includes: transmitting the entered initial fingerprint to the terminal server; the terminal server converts the entered fingerprint into fingerprint information and uploads it to the fingerprint library in the cloud.
The fingerprint identification unit includes: capturing the fingerprint of the person logging in and retrieving fingerprint information from the fingerprint library; comparing the captured fingerprint with the retrieved fingerprint information, and entering the intranet after the comparison succeeds.
The invention has the following beneficial effects:
The method for secure intranet access based on cloud computing and a mobile public platform is equipped with a dedicated encryption card that can connect to the company's intranet security platform, so that mobile work terminals can access the company intranet safely and reliably, and it provides a mobile phone terminal that supports an external fingerprint collector, thereby improving the security of the data-exchange interface between the internal and external networks. Once an unauthorized terminal is found to be accessing the network, it is blocked immediately, which avoids the security threat an unauthorized terminal poses during the time it would otherwise survive after connecting. Even when a terminal's address does not fall within the specified range, the network access control system denies network access to any unauthorized terminal or any user who has not been correctly authorized. The network access control system does not need "continuous scanning"; instead it blocks unauthorized terminals through an authorization mechanism between the switch and the network access control system.
Description of drawings
To illustrate the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is the processing flowchart for UART and USB command packets of the invention;
Fig. 2 is the sending flowchart for UART data packets of the invention;
Fig. 3 is the receiving flowchart for UART data packets of the invention;
Fig. 4 is the sending flowchart for USB data packets of the invention;
Fig. 5 is the receiving flowchart for USB data packets of the invention.
Detailed description
Specific embodiments of the invention are further described below with reference to the drawings. The description of these embodiments is intended to help in understanding the invention and does not limit it. In addition, the technical features involved in the embodiments described below may be combined with one another as long as they do not conflict.
Example 1
This embodiment provides a method for secure intranet access based on cloud computing and a mobile public platform, comprising: initial fingerprint entry and fingerprint identification.
The initial fingerprint entry:
S1. Transmitting the entered initial fingerprint to the terminal server;
S2. The terminal server converts the entered fingerprint into fingerprint information and uploads it to the fingerprint library in the cloud.
The fingerprint identification:
S3. Capturing the fingerprint of the person logging in and retrieving fingerprint information from the fingerprint library;
S4. Comparing the captured fingerprint with the retrieved fingerprint information, and entering the intranet after the comparison succeeds.
In the invention, in step S1, the initial fingerprint is entered through a fingerprint module, which is connected to the terminal server through either a USB or a UART communication interface. The fingerprint module acts as the slave device and is controlled by commands sent from the master device. The processing flow for UART and USB command packets is shown in Fig. 1.
The fingerprint module is the SF2013 fingerprint module, an integrated fingerprint processing module that combines a fingerprint algorithm chip with the fingerprint processing section. It is small, has low power consumption and a simple interface, and offers high reliability, fast recognition, good adaptability to dry and wet fingers, and fast fingerprint search. When reading fingerprint images it responds to and judges both dry and wet fingers sensitively and obtains the best imaging quality, so it suits a wide range of users. A self-learning adaptation function can also be customized, which adjusts parameters automatically as the user's habits, the climate and so on change, to achieve better matching. With the self-learning function, a new fingerprint feature value is extracted during fingerprint identification and, after identification succeeds, that feature value is merged into the previously stored fingerprint features.
Specifically, the sending flow for UART data packets is shown in Fig. 2. Before a data packet is transmitted over UART, the command packet requesting the data transfer must first be received; once preparations for transmission are complete, a success acknowledgement packet is sent, and only then does transmission of data packets begin. A data packet consists of: packet header, chip address, packet identifier, packet length, data and checksum. There are two packet identifiers for data packets, 02H and 08H. 02H: a data packet, with further packets to follow. 08H: the last data packet, i.e. the end packet. The data length is preset and is one of four values: 32, 64, 128 and 256. Where the data to be transmitted is 1K bytes long and the preset data length in the data packet is 128 bytes, the 1K bytes of data must be split into 8 data packets for transmission. Each data packet comprises: a 2-byte packet header, a 4-byte chip address, a 1-byte packet identifier, a 2-byte packet length, 128 bytes of data and a 2-byte checksum, so each data packet is 139 bytes long. Of the 8 data packets, the first 7 carry packet identifier 02H and the final end packet carries packet identifier 08H. Finally, note that if the end packet is shorter than 139 bytes, it is transmitted at its actual length and is not padded out to 139 bytes in any other way.
The receiving flow for UART data packets is shown in Fig. 3. Before a data packet is transmitted over UART, the command packet requesting the data transfer must first be received; once preparations for transmission are complete, a success acknowledgement packet is sent, and only then does transmission of data packets begin. A data packet consists of: packet header, chip address, packet identifier, packet length, data and checksum. There are two packet identifiers for data packets, 02H and 08H. 02H: a data packet, with further packets to follow. 08H: the last data packet, i.e. the end packet. The data length is preset and is one of four values: 32, 64, 128 and 256. For example, if the data to be transmitted is 1K bytes long and the preset data length in the data packet is 128 bytes, the 1K bytes of data must be split into 8 data packets for transmission. Each data packet comprises: a 2-byte packet header, a 4-byte chip address, a 1-byte packet identifier, a 2-byte packet length, 128 bytes of data and a 2-byte checksum, so each data packet is 139 bytes long. Of the 8 data packets, the first 7 carry packet identifier 02H and the final end packet carries packet identifier 08H. Finally, note that if the end packet is shorter than 139 bytes, it is transmitted at its actual length and is not padded out to 139 bytes in any other way.
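The UART data-packet framing described in the two paragraphs above, as an added example that is not code from the patent or from the SF2013 module: a C frame builder, a validating parser and a bounded reassembler for the 2+4+1+2+N+2-byte layout. The header value 0xEF01, big-endian field order, the meaning of the length field and the additive checksum are assumptions, because the description gives only the field sizes and the 02H/08H identifiers; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Field sizes from the description: 2-byte header, 4-byte chip address,
 * 1-byte packet identifier, 2-byte packet length, data, 2-byte checksum. */
#define FP_OVERHEAD 11u   /* 2 + 4 + 1 + 2 + 2 */
#define FP_PID_DATA 0x02u /* data packet, more packets follow */
#define FP_PID_END  0x08u /* last data packet (end packet) */
#define FP_MAX_DATA 256u  /* largest preset data length */
/* ASSUMPTIONS, not stated on the page: the header value, big-endian fields,
 * length field = number of data bytes, checksum = 16-bit sum of the
 * identifier, length and data bytes. */
#define FP_HEADER   0xEF01u

enum { FP_OK = 0, FP_E_SIZE = -1, FP_E_HEADER = -2, FP_E_ADDR = -3,
       FP_E_PID = -4, FP_E_LENGTH = -5, FP_E_SUM = -6 };
struct fp_pkt { uint8_t pid; uint16_t len; const uint8_t *data; };
struct fp_reasm { uint8_t *dst; size_t cap, used; int done; };

static int fp_valid_chunk(uint16_t c) { return c == 32 || c == 64 || c == 128 || c == 256; }

static uint16_t fp_sum(const uint8_t *p, size_t n) {
    uint16_t s = 0;
    while (n--) s = (uint16_t)(s + *p++);
    return s;
}

/* Build one frame into out; returns the frame length, or 0 on bad arguments. */
size_t fp_build(uint8_t *out, size_t cap, uint32_t addr, uint8_t pid,
                const uint8_t *data, uint16_t n) {
    if (n == 0 || n > FP_MAX_DATA || cap < n + FP_OVERHEAD) return 0;
    const uint8_t head[9] = { (uint8_t)(FP_HEADER >> 8), (uint8_t)FP_HEADER,
        (uint8_t)(addr >> 24), (uint8_t)(addr >> 16), (uint8_t)(addr >> 8),
        (uint8_t)addr, pid, (uint8_t)(n >> 8), (uint8_t)n };
    memcpy(out, head, sizeof head);
    memcpy(out + 9, data, n);
    uint16_t s = fp_sum(out + 6, n + 3u);
    out[9 + n] = (uint8_t)(s >> 8); out[10 + n] = (uint8_t)s;
    return n + FP_OVERHEAD;
}

/* Validate one received frame of exactly len bytes; chunk is the preset data
 * length (32/64/128/256) agreed for this transfer. */
int fp_parse(const uint8_t *buf, size_t len, uint32_t addr, uint16_t chunk,
             struct fp_pkt *pkt) {
    if (!fp_valid_chunk(chunk) || len <= FP_OVERHEAD ||
        len > FP_OVERHEAD + (size_t)chunk) return FP_E_SIZE;
    if (buf[0] != (FP_HEADER >> 8) || buf[1] != (FP_HEADER & 0xFFu))
        return FP_E_HEADER;
    uint32_t a = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16) |
                 ((uint32_t)buf[4] << 8) | buf[5];
    if (a != addr) return FP_E_ADDR;
    if (buf[6] != FP_PID_DATA && buf[6] != FP_PID_END) return FP_E_PID;
    uint16_t n = (uint16_t)((buf[7] << 8) | buf[8]);
    /* The length field must match the bytes actually received, and only the
     * end packet may be shorter than the preset data length. */
    if ((size_t)n + FP_OVERHEAD != len) return FP_E_LENGTH;
    if (buf[6] == FP_PID_DATA && n != chunk) return FP_E_LENGTH;
    uint16_t want = (uint16_t)((buf[9 + n] << 8) | buf[10 + n]);
    if (fp_sum(buf + 6, n + 3u) != want) return FP_E_SUM;
    pkt->pid = buf[6]; pkt->len = n; pkt->data = buf + 9;
    return FP_OK;
}

/* Append a validated packet. Returns 1 when the end packet completes the
 * transfer, 0 when more are expected, -1 on overflow or data after the end. */
int fp_reasm_feed(struct fp_reasm *r, const struct fp_pkt *p) {
    if (r->done || p->len > r->cap - r->used) return -1;
    memcpy(r->dst + r->used, p->data, p->len);
    r->used += p->len;
    r->done = (p->pid == FP_PID_END);
    return r->done;
}

/* Sender and receiver in one loop: split src into frames, validate each as
 * the receiver would, reassemble into dst. Returns frames sent, or -1. */
int fp_transfer(const uint8_t *src, size_t n, uint16_t chunk, uint32_t addr,
                uint8_t *dst, size_t cap) {
    uint8_t frame[FP_MAX_DATA + FP_OVERHEAD];
    struct fp_reasm r = { dst, cap, 0, 0 };
    struct fp_pkt p;
    int frames = 0;
    if (!fp_valid_chunk(chunk) || n == 0) return -1;
    for (size_t off = 0; off < n; off += chunk, frames++) {
        uint16_t part = (uint16_t)(n - off < chunk ? n - off : chunk);
        uint8_t pid = (off + part == n) ? FP_PID_END : FP_PID_DATA;
        size_t flen = fp_build(frame, sizeof frame, addr, pid, src + off, part);
        if (!flen || fp_parse(frame, flen, addr, chunk, &p) != FP_OK ||
            fp_reasm_feed(&r, &p) < 0) return -1;
    }
    return (r.done && r.used == n) ? frames : -1;
}
```

The parser rejects a frame whose length field disagrees with the bytes received before it touches the checksum offset, and the reassembler refuses data that would exceed the destination buffer or arrive after the end packet.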
The sending and receiving flows for USB data packets are shown in Fig. 4 and Fig. 5. Before a data packet is transmitted over USB, the command packet requesting the data transfer must first be received; once preparations for transmission are complete, a success acknowledgement packet is sent, and only then does transmission of data packets begin. A USB data packet contains only data, with no packet header, chip address, packet identifier, packet length or checksum, and unlike UART, which transmits in split packets, USB transmits the whole packet at once.
The fingerprint module is connected to the single-chip microcomputer, which supplies the power input of the fingerprint module so that the module operates and completes the corresponding commands.
Specifically, the module can communicate over a serial port with a single-chip microcomputer or other MCU running on a 3.3 V supply. To limit the power consumption of the overall circuit, the fingerprint module has only two states, working and not working, with no sleep or standby state. Normally the power input of the fingerprint module is switched off and the module does not work. When a function of the single-chip microcomputer (MCU) needs the fingerprint module, it supplies the module's power input, and the module works and completes the corresponding commands. When the fingerprint module is no longer needed, its power is cut and the module returns to the non-working state.
The fingerprint module and the server terminal communicate by half-duplex asynchronous serial communication at a baud rate of 57600 bps. The transmitted frame format is 10 bits, of which 1 bit is at zero level, 8 are data bits and 2 are stop bits.
In step S2, the fingerprint information is a fingerprint feature code, and each fingerprint feature code corresponds to 384 bytes.
In step S4, the 384 bytes of the fingerprint feature code retrieved from the fingerprint library are compared with the 384 bytes of the fingerprint feature code captured from the person logging in.
It will be understood that, in step S1, the fingerprint library may be the original system's fingerprint library; in that case the fingerprint identification codes in the current fingerprint library of the operation and inspection system, and its fingerprint collection method, must be obtained, and the corresponding fingerprint collection module is then designed around the matching unified-standard encryption and fingerprint algorithms. Alternatively, a new fingerprint library may be used, namely the one that comes with the new fingerprint collection device, integrated with the corresponding software system; in that case users need to re-enter their fingerprints after the system goes online.
Example 2
This embodiment provides a system for secure intranet access based on cloud computing and a mobile public platform, comprising an initial fingerprint entry unit and a fingerprint identification unit.
The initial fingerprint entry unit includes: transmitting the entered initial fingerprint to the terminal server; the terminal server converts the entered fingerprint into fingerprint information and uploads it to the fingerprint library in the cloud.
The fingerprint identification unit includes: capturing the fingerprint of the person logging in and retrieving fingerprint information from the fingerprint library; comparing the captured fingerprint with the retrieved fingerprint information, and entering the intranet after the comparison succeeds.
In the initial fingerprint entry unit, the initial fingerprint is entered through the fingerprint module, which is connected to the terminal server through either a USB or a UART communication interface. The fingerprint module is connected to the single-chip microcomputer, which supplies the power input of the fingerprint module so that the module operates and completes the corresponding commands.
The embodiments of the invention have been described in detail above with reference to the drawings, but the invention is not limited to the described embodiments. For those skilled in the art, various changes, modifications, substitutions and variations made to these embodiments without departing from the principle and spirit of the invention still fall within the scope of protection of the invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711101737.2A CN108040033A (en) | 2017-11-10 | 2017-11-10 | Intranet security cut-in method and system based on cloud computing and mobile common platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108040033A true CN108040033A (en) | 2018-05-15 |
Family
ID=62093254
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711101737.2A Pending CN108040033A (en) | 2017-11-10 | 2017-11-10 | Intranet security cut-in method and system based on cloud computing and mobile common platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108040033A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180515 |