CN108418824A - Access the method, apparatus and terminal device of internet - Google Patents
Access the method, apparatus and terminal device of internet Download PDFInfo
- Publication number
- CN108418824A CN108418824A CN201810189391.4A CN201810189391A CN108418824A CN 108418824 A CN108418824 A CN 108418824A CN 201810189391 A CN201810189391 A CN 201810189391A CN 108418824 A CN108418824 A CN 108418824A
- Authority
- CN
- China
- Prior art keywords
- address
- default
- internet
- secret key
- dns server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000004458 analytical method Methods 0.000 claims description 71
- 230000004044 response Effects 0.000 claims description 41
- 238000012795 verification Methods 0.000 claims description 7
- 238000012360 testing method Methods 0.000 claims description 2
- 230000006854 communication Effects 0.000 description 8
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 230000007812 deficiency Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000003672 processing method Methods 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000007175 bidirectional communication Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An embodiment of the present invention provides a kind of method, apparatus and terminal device accessing internet, wherein the method for accessing internet includes:When accessing internet by public network, the domain name system DNS address that public network distributes is revised as to the address of default dns server;Based on default dns server, the internet protocol address of internet is verified;When being verified, internet is accessed based on IP address.Method provided in an embodiment of the present invention, it is verified by presetting the dns server internet to be visited to user, ensure the safety of user internet to be visited, user is avoided to access fishing website, the illegal websites such as pseudo-website, cause information leakage or property loss because pseudo-website is accessed to preventing user etc..
Description
Technical field
The present invention relates to field of computer technology, specifically, the present invention relates to a kind of method, apparatus accessing internet
And terminal device.
Background technology
With the fast development of science and technology, mobile terminal has become the necessity of people's life, mobile network's
Universal and ubiquitous public network environment, such as public Wifi hot spots, bring very big convenience, at everybody
When a certain public place, various shared public Wifi hot spots are frequently encountered, so as to by accessing these public Wifi
Hot spot, to access internet.
However, public Wifi hot spots, there is many security risks, malefactor can be come by attacking Wifi routers
DNS (Domain Name System, domain name system) information of Wifi access points is distorted, i.e., is constructed by modes such as DNS deceptions
One pseudo- dns server, with the network row of the application software information, user that obtain the terminal models of user's using terminal, use
For information etc., wherein the network behavior information of user includes but not limited to the browsed webpage of user, social number, circle of friends
The information such as photo, account, for example, when user logs in a shopping website, malefactor makes user step on by way of DNS deceptions
It records to a pseudo- shopping website, with information such as the account number ciphers that obtains user, and then unlawful interests is sought using these information, in
It is how to prevent this DNS from cheating and use public Wifi hot spots safely and access internet, becomes those skilled in the art urgently
The technical issues of solution.
Invention content
The purpose of the present invention is intended at least solve above-mentioned one of technological deficiency, is accessed especially by public network mutual
When networking, the technological deficiency of DNS deceptions can not be prevented.
The embodiment of the present invention provides a kind of method accessing internet according to one side, including:
When accessing internet by public network, the domain name system DNS address that the public network distributes is revised as pre-
If the address of dns server;
Based on the default dns server, the internet protocol address of the internet is verified;
When being verified, the internet is accessed based on the IP address.
Preferably, described to be based on the default dns server, the internet protocol address of the internet is tested
Card, including:
Analysis request is sent to the default dns server, is carried according to the first default secret key in the analysis request
The encrypted IP address;
It receives the default dns server and is directed to the resolution response that the analysis request returns;
Based on the resolution response, the IP address is verified.
Preferably, the identifier of the described first default secret key is also carried in the analysis request;
The secret key library including the identifier is pre-stored in the default dns server.
Preferably, the analysis result to the encrypted IP address, and the parsing are carried in the resolution response
The result is that encrypted according to the second default secret key corresponding with the identifier in the secret key library.
Preferably, described to be based on the resolution response, the IP address is verified, is specifically included:
According to the described first default secret key, the analysis result carried in the resolution response that receives is decrypted;
If successful decryption, it is determined that the IP address is verified.
The embodiment of the present invention additionally provides a kind of device accessing internet according to other side, including:
Module is changed, when for by public network access internet, domain name system DNS that the public network is distributed
Address is changed to the address of default dns server;
Authentication module carries out the internet protocol address of the internet for being based on the default dns server
Verification;
Access modules, for when being verified, the internet to be accessed based on the IP address.
Preferably, the authentication module includes sending submodule, receiving submodule and IP verification submodules;
The sending submodule is carried for sending analysis request to the default dns server in the analysis request
The with good grounds first default encrypted IP address of secret key;
The receiving submodule is rung for receiving the default dns server for the parsing that the analysis request returns
It answers;
The IP verifies submodule, for being based on the resolution response, is verified to the IP address.
Preferably, the identifier of the described first default secret key is also carried in the analysis request;
The secret key library including the identifier is pre-stored in the default dns server.
Preferably, the analysis result to the encrypted IP address, and the parsing are carried in the resolution response
The result is that encrypted according to the second default secret key corresponding with the identifier in the secret key library.
Preferably, the IP verifications submodule includes decryption subelement and determination subelement;
The decryption subelement, for according to the described first default secret key, to being carried in the resolution response that receives
Analysis result be decrypted;
The determination subelement, for when successful decryption, determining that the IP address is verified.
The embodiment of the present invention additionally provides a kind of terminal device according on the other hand, including memory, processor and
The computer program that can be run on a memory and on a processor is stored, the processor is realized above-mentioned when executing described program
Access internet method.
Method provided in an embodiment of the present invention, when accessing internet by public network, by the domain name of public network distribution
System dns address is revised as the address of default dns server, is not only subsequently to be based on the default dns server to verify IP address
Premise guarantee is provided, and effectively prevents the pseudo- dns server in public network;Based on default dns server, to interconnection
The internet protocol address of net is verified, it is ensured that user accesses the safety of internet;When being verified, it is based on IP
Address accesses internet so that user accesses corresponding internet by the IP address of safety, avoid user access fishing website,
Information leakage or property loss are caused etc. in the illegal websites such as pseudo-website to prevent user because pseudo-website is accessed.
The additional aspect of the present invention and advantage will be set forth in part in the description, these will become from the following description
Obviously, or practice through the invention is recognized.
Description of the drawings
Above-mentioned and/or additional aspect and advantage of the invention will become from the following description of the accompanying drawings of embodiments
Obviously and it is readily appreciated that, wherein:
Fig. 1 is the flow diagram of the access internet of one embodiment of the invention;
Fig. 2 is the work flow diagram of the access internet of one embodiment of the invention;
Fig. 3 is the basic structure schematic diagram of the device of the access internet of another embodiment of the present invention;
Fig. 4 is the detailed construction schematic diagram of the device of the access internet of another embodiment of the present invention.
Specific implementation mode
The embodiment of the present invention is described below in detail, examples of the embodiments are shown in the accompanying drawings, wherein from beginning to end
Same or similar label indicates same or similar element or element with the same or similar functions.Below with reference to attached
The embodiment of figure description is exemplary, and is only used for explaining the present invention, and is not construed as limiting the claims.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singulative " one " used herein, " one
It is a ", " described " and "the" may also comprise plural form.It is to be further understood that is used in the specification of the present invention arranges
It refers to there are the feature, integer, step, operation, element and/or component, but it is not excluded that presence or addition to take leave " comprising "
Other one or more features, integer, step, operation, element, component and/or their group.It should be understood that when we claim member
Part is " connected " or when " coupled " to another element, it can be directly connected or coupled to other elements, or there may also be
Intermediary element.In addition, " connection " used herein or " coupling " may include being wirelessly connected or wirelessly coupling.It is used herein to arrange
Diction "and/or" includes that the whole of one or more associated list items or any cell are combined with whole.
Those skilled in the art of the present technique are appreciated that unless otherwise defined, all terms used herein (including technology art
Language and scientific terminology), there is meaning identical with the general understanding of the those of ordinary skill in fields of the present invention.Should also
Understand, those terms such as defined in the general dictionary, it should be understood that have in the context of the prior art
The consistent meaning of meaning, and unless by specific definitions as here, the meaning of idealization or too formal otherwise will not be used
To explain.
It includes wireless communication that those skilled in the art of the present technique, which are appreciated that " terminal " used herein above, " terminal device " both,
The equipment of number receiver, only has the equipment of the wireless signal receiver of non-emissive ability, and includes receiving and transmitting hardware
Equipment, have on bidirectional communication link, can carry out two-way communication reception and emit hardware equipment.This equipment
May include:Honeycomb or other communication equipments are shown with single line display or multi-line display or without multi-line
The honeycomb of device or other communication equipments;PCS (Personal Communications Service, PCS Personal Communications System), can
With combine voice, data processing, fax and/or communication ability;PDA (Personal Digital Assistant, it is personal
Digital assistants), may include radio frequency receiver, pager, the Internet/intranet access, web browser, notepad, day
It goes through and/or GPS (Global Positioning System, global positioning system) receiver;Conventional laptop and/or palm
Type computer or other equipment, have and/or the conventional laptop including radio frequency receiver and/or palmtop computer or its
His equipment." terminal " used herein above, " terminal device " they can be portable, can transport, be mounted on the vehicles (aviation,
Sea-freight and/or land) in, or be suitable for and/or be configured in local runtime, and/or with distribution form, operate in the earth
And/or any other position operation in space." terminal " used herein above, " terminal device " can also be communication terminal, on
Network termination, music/video playback terminal, such as can be PDA, MID (Mobile Internet Device, mobile Internet
Equipment) and/or mobile phone with music/video playing function, can also be the equipment such as smart television, set-top box.
One embodiment of the invention provides a kind of method accessing internet, as shown in Figure 1, including:Step 110, lead to
When crossing public network access internet, the domain name system DNS address that public network distributes is revised as to the ground of default dns server
Location;Step 120, it is based on default dns server, the internet protocol address of internet is verified;Step 130, when testing
When card passes through, internet is accessed based on IP address.
Method provided in an embodiment of the present invention, when accessing internet by public network, by the domain name of public network distribution
System dns address is revised as the address of default dns server, is not only subsequently to be based on the default dns server to verify IP address
Premise guarantee is provided, and effectively prevents the pseudo- dns server in public network;Based on default dns server, to interconnection
The internet protocol address of net is verified, it is ensured that user accesses the safety of internet;When being verified, it is based on IP
Address accesses internet so that user accesses corresponding internet by the IP address of safety, avoid user access fishing website,
Information leakage or property loss are caused etc. in the illegal websites such as pseudo-website to prevent user because pseudo-website is accessed.
It describes in detail below to the method for the access internet of the above embodiment of the present invention, it is specific as follows:
In step 110, when accessing internet by public network, by the domain name system DNS address of public network distribution
It is revised as the address of default dns server.
Specifically, in the public network due to malefactor, such as public Wifi hot spots, using pseudo- dns server come into
Row DNS deceptions, and the pseudo- dns server that each malefactor uses also can be different, then, is avoiding passing through these puppets
Dns server is come when logging in internet, user can build privately owned safe dns server in advance, to be moved when user's control
Dynamic terminal, such as mobile phone, ipad etc., the dns address for connecting public network when accessing internet, public network can be distributed
It is revised as the address of default dns server, wherein the default dns server is carried out to the data of contact by secret key form
Encryption reconciliation is thickly.
In the step 120, it is based on default dns server, the internet protocol address of internet is verified.
It is preferably based on default dns server, the internet protocol address of internet is verified, including:To pre-
If dns server sends analysis request, carried according to the first default encrypted IP address of secret key in analysis request;It connects
It receives and presets the resolution response that dns server is directed to analysis request return;Based on resolution response, IP address is verified.
Preferably, the identifier of the first default secret key is also carried in analysis request;It is pre-stored with packet in default dns server
Include the secret key library of identifier.
Preferably, the analysis result to encrypted IP address is carried in resolution response, and analysis result is according to secret
The second default secret key corresponding with identifier is encrypted in key library.
It is preferably based on resolution response, IP address is verified, is specifically included:According to the first default secret key, to receiving
To resolution response in the analysis result that carries be decrypted;If successful decryption, it is determined that IP address is verified.
To sum up, the method for the access internet of the embodiment of the present invention is:When user's control mobile phone, ipad etc. are mobile eventually
It terminates into public network, come when accessing internet, mobile terminal is in such a way that secret key is encrypted and is verified, to presetting DNS service
The dns resolution address information that device is sent is verified, and if the verification passes, then illustrates that the dns resolution address information is default DNS
The secure network address of server parsing illustrates that there are risks for the dns resolution address information, does not access if authentication failed
The network address of the internet.Detailed process is as follows:
After the dns address of public network distribution is modified to the address of default dns server, in the mistake for accessing internet
Cheng Zhong presets dns server by this, to the IP (Internet Protocol, Internet protocol) of internet to be visited
Address such as is parsed, is verified at the operations, wherein specific verification process is:Mobile terminal sends to default dns server and waits visiting
The analysis request of the IP address for the internet asked is carried according to the first default encrypted IP address of secret key in analysis request;
Then, it receives the default dns server and is directed to the resolution response that the analysis request returns;It is then based on the resolution response, to IP
It is verified address.That is, user is when by mobile terminal accessing internet, mobile terminal is by the internet to be visited
IP address is encrypted by default secret key, is then sent to the default dns server, then, receives the default dns server
The corresponding resolution response returned, and it is based on the resolution response, IP address is verified.
Specifically, it presets in dns server and is pre-stored with secret key library, in the secret key library, the secret key of mobile terminal (i.e. the
One default secret key) it is uniquely corresponding to the secret key (the i.e. second default secret key) of a default dns server, the i.e. secret key of mobile terminal
It is corresponded with the secret key of default dns server.Since what mobile terminal carried in analysis request is default secret according to first
The encrypted IP address of key, therefore, it is also desirable to the identifier of the first default secret key also be carried in analysis request, in order to pre-
If dns server can find corresponding DNS secret keys (the i.e. second default secret key) according to the identifier, it should be noted that
Pre-stored secret key library in default dns server is the secret key library for including identifier.
Further, after default dns server receives the analysis request that mobile terminal is sent, DNS clothes are preset according to this
It is engaged in the secret key (i.e. according to the second default secret key corresponding with identifier in secret key library) of device, to after the encryption that is carried in analysis request
IP address be decrypted, if the decryption of default dns server illustrates the analysis request correctly to get to corresponding IP address
It is that mobile terminal is sent, then, default dns server parses the IP address, obtains corresponding analysis result, together
When, the secret key (i.e. according to the second default secret key corresponding with identifier in secret key library) of dns server is preset to parsing by this
As a result it is encrypted, the encrypted analysis result is then carried in resolution response and is sent to mobile terminal, namely solving
The analysis result to encrypted IP address is carried in analysis response, and analysis result is according to corresponding with identifier in secret key library
The second default secret key it is encrypted.
It should be noted that when default dns server is according to the second default secret key corresponding with identifier in secret key library, it is right
When the encrypted IP address decryption failure carried in analysis request, it is corresponding wrong to mobile terminal transmission to preset dns server
Accidentally prompt message.
Further, when mobile terminal receives the resolution response that default dns server is returned for analysis request, root
According to the secret key (the i.e. first default secret key) of the mobile terminal, the analysis result carried in the resolution response that receives is solved
It is close, if it is possible to which that normal solution is decrypted, then illustrates that the IP address is verified namely the IP address of the default dns server parsing is
Secure IP addresses, user can log in or access corresponding internet using this IP address so that user is by the IP of safety
Location accesses corresponding internet, and user is avoided to access the illegal websites such as fishing website, pseudo-website, to prevent user because accessing
Pseudo-website and cause information leakage or property loss etc..
Wherein, Fig. 2 gives the work flow diagram of the access internet of the embodiment of the present invention, can be clear in conjunction with Fig. 2
Understand the access interconnection network process of foregoing description.
In step 130, when being verified, internet is accessed based on IP address.
Specifically, when IP is verified, user can be based on IP address and access corresponding internet, so that it is guaranteed that user
Corresponding internet is accessed by the IP address of safety, avoids accessing the illegal websites such as fishing website, pseudo-website, and then prevent from using
Information leakage or property loss are caused because pseudo-website is accessed etc. in family.
Another embodiment of the present invention provides a kind of device accessing internet, as shown in figure 3, including:Change module 31,
Authentication module 32 and access modules 33.
When changing module 31 for accessing internet by public network, by the domain name system DNS of public network distribution
Location is changed to the address of default dns server.
Specifically, in the public network due to malefactor, such as public Wifi hot spots, using pseudo- dns server come into
Row DNS deceptions, and the pseudo- dns server that each malefactor uses is also different, then, is avoiding passing through these puppets DNS
Server is come when logging in internet, user can build privately owned safe dns server in advance, to be moved eventually when user's control
End, such as mobile phone, ipad etc., connection public network is come when accessing internet, the dns address that can distribute public network is changed
To preset the address of dns server, wherein the default dns server is that the data of contact are encrypted by secret key form
Reconciliation is thickly.
Authentication module 32 is used to, based on default dns server, verify the internet protocol address of internet.
Access modules 33 are used for when being verified, and the internet is accessed based on IP address.
Further, authentication module 32 includes that sending submodule 321, receiving submodule 322 and IP verify submodule 323,
As shown in Figure 4, wherein sending submodule 321 is used to send analysis request to default dns server, is carried in analysis request
According to the first default encrypted IP address of secret key;Receiving submodule 322 is directed to analysis request for receiving default dns server
The resolution response of return;IP verifies submodule 323 and is used to be based on resolution response, is verified to IP address.
Further, the identifier of the first default secret key is also carried in analysis request;It is pre-stored in default dns server
Secret key library including identifier.
Further, the analysis result to encrypted IP address is carried in resolution response, and analysis result is basis
The second default secret key corresponding with identifier is encrypted in secret key library.
Further, it includes decryption subelement 3231 and determination subelement 3232 that IP, which verifies submodule 323,;Decrypt subelement
3231 for according to the first default secret key, and the analysis result carried in the resolution response that receives is decrypted;Determine that son is single
Member 3232 is for when successful decryption, determining that IP address is verified.
Wherein, it after the dns address of public network distribution is modified to the address of default dns server, is interconnected accessing
During net, dns server is preset by this, IP (Internet Protocol, interconnection to internet to be visited
FidonetFido) address the operations such as parsed, verified, wherein and specific verification process is:Mobile terminal is to default dns server
The analysis request of the IP address of internet to be visited is sent, is carried in analysis request encrypted according to the first default secret key
IP address;Then, it receives the default dns server and is directed to the resolution response that the analysis request returns;It is then based on parsing sound
It answers, IP address is verified.That is, user is when by mobile terminal accessing internet, mobile terminal is to be visited by this
The IP address of internet is encrypted by default secret key, is then sent to the default dns server and it is default then to receive this
The corresponding resolution response that dns server returns, and it is based on the resolution response, IP address is verified.
Specifically, being pre-stored with secret key library in default dns server, in the secret key library, the secret key of mobile terminal is (i.e.
First default secret key) be uniquely corresponding to the secret key (the i.e. second default secret key) of a default dns server, i.e., mobile terminal is secret
The secret key of key and default dns server corresponds.Since what mobile terminal carried in analysis request is default according to first
The encrypted IP address of secret key, therefore, it is also desirable to the identifier of the first default secret key is also carried in analysis request, in order to
Default dns server can find corresponding DNS secret keys (the i.e. second default secret key) according to the identifier, need to illustrate
It is that the pre-stored secret key library preset in dns server is the secret key library for including identifier.
It further says, after default dns server receives the analysis request of mobile terminal transmission, DNS is preset according to this
The secret key (i.e. according to the second default secret key corresponding with identifier in secret key library) of server, the encryption to being carried in analysis request
IP address afterwards is decrypted, if the decryption of default dns server is correctly to get to corresponding IP address, illustrating that the parsing is asked
Seeking Truth mobile terminal is sent, and then, default dns server parses the IP address, obtains corresponding analysis result,
Meanwhile the secret key (i.e. according to the second default secret key corresponding with identifier in secret key library) of dns server is preset to solution by this
Analysis result is encrypted, and the encrypted analysis result is then carried in resolution response and is sent to mobile terminal, Ye Ji
Carry the analysis result to encrypted IP address in resolution response, and analysis result be according in secret key library with identifier pair
The the second default secret key answered is encrypted.
It should be noted that when default dns server is according to the second default secret key corresponding with identifier in secret key library, it is right
When the encrypted IP address decryption failure carried in analysis request, it is corresponding wrong to mobile terminal transmission to preset dns server
Accidentally prompt message.
Further say, when mobile terminal receives the resolution response that default dns server is returned for analysis request,
According to the secret key (the i.e. first default secret key) of the mobile terminal, the analysis result carried in the resolution response that receives is solved
It is close, if it is possible to which that normal solution is decrypted, then illustrates that the IP address is verified namely the IP address of the default dns server parsing is
Secure IP addresses, user can log in or access corresponding internet using this IP address so that user is by the IP of safety
Location accesses corresponding internet, and user is avoided to access the illegal websites such as fishing website, pseudo-website, to prevent user because accessing
Pseudo-website and cause information leakage or property loss etc..
Method provided in an embodiment of the present invention, when accessing internet by public network, by the domain name of public network distribution
System dns address is revised as the address of default dns server, is not only subsequently to be based on the default dns server to verify IP address
Premise guarantee is provided, and effectively prevents the pseudo- dns server in public network;Based on default dns server, to interconnection
The internet protocol address of net is verified, it is ensured that user accesses the safety of internet;When being verified, it is based on IP
Address accesses internet so that user accesses corresponding internet by the IP address of safety, avoid user access fishing website,
Information leakage or property loss are caused etc. in the illegal websites such as pseudo-website to prevent user because pseudo-website is accessed.
Another embodiment of the present invention provides a kind of terminal device, including memory, processor and is stored in memory
Computer program that is upper and can running on a processor, processor realizes above-mentioned access internet method when executing program.
Those skilled in the art of the present technique are appreciated that the present invention includes being related to for executing in operation described herein
One or more equipment.These equipment can specially be designed and be manufactured for required purpose, or can also include general
Known device in computer.These equipment have the computer program being stored in it, these computer programs are selectively
Activation or reconstruct.Such computer program can be stored in equipment (for example, computer) readable medium or be stored in
It e-command and is coupled to respectively in any kind of medium of bus suitable for storage, the computer-readable medium includes but not
Be limited to any kind of disk (including floppy disk, hard disk, CD, CD-ROM and magneto-optic disk), ROM (Read-Only Memory, only
Read memory), RAM (Random Access Memory, immediately memory), EPROM (Erasable Programmable
Read-Only Memory, Erarable Programmable Read only Memory), EEPROM (Electrically Erasable
Programmable Read-Only Memory, Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic card or light card
Piece.It is, readable medium includes by any Jie of equipment (for example, computer) storage or transmission information in the form of it can read
Matter.
Those skilled in the art of the present technique be appreciated that can with computer program instructions come realize these structure charts and/or
The combination of each frame and these structure charts and/or the frame in block diagram and/or flow graph in block diagram and/or flow graph.This technology is led
Field technique personnel be appreciated that these computer program instructions can be supplied to all-purpose computer, special purpose computer or other
The processor of programmable data processing method is realized, to pass through the processing of computer or other programmable data processing methods
Device come execute structure chart and/or block diagram and/or flow graph disclosed by the invention frame or multiple frames in specify scheme.
Those skilled in the art of the present technique are appreciated that in the various operations crossed by discussion in the present invention, method, flow
Steps, measures, and schemes can be replaced, changed, combined or be deleted.Further, each with having been crossed by discussion in the present invention
Other steps, measures, and schemes in kind operation, method, flow may also be alternated, changed, rearranged, decomposed, combined or deleted.
Further, in the prior art to have and step, measure, the scheme in various operations, method, flow disclosed in the present invention
It may also be alternated, changed, rearranged, decomposed, combined or deleted.
The above is only some embodiments of the present invention, it is noted that for the ordinary skill people of the art
For member, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also answered
It is considered as protection scope of the present invention.
Claims (10)
1. a kind of method accessing internet, which is characterized in that including:
When accessing internet by public network, the domain name system DNS address that the public network distributes is changed to default DNS
The address of server;
Based on the default dns server, the internet protocol address of the internet is verified;
When being verified, the internet is accessed based on the IP address.
2. according to the method described in claim 1, it is characterized in that, described be based on the default dns server, to the interconnection
The internet protocol address of net is verified, including:
Analysis request is sent to the default dns server, is carried in the analysis request according to the first default secret key encryption
The IP address afterwards;
It receives the default dns server and is directed to the resolution response that the analysis request returns;
Based on the resolution response, the IP address is verified.
3. according to the method described in claim 2, it is characterized in that, also carrying the described first default secret key in the analysis request
Identifier;
The secret key library including the identifier is pre-stored in the default dns server.
4. according to the method described in claim 3, it is characterized in that, being carried in the resolution response to the encrypted IP
The analysis result of address, and the analysis result is according to the second default secret key corresponding with the identifier in the secret key library
It is encrypted.
5. according to claim 2-4 any one of them methods, which is characterized in that it is described to be based on the resolution response, to described
IP address is verified, and is specifically included:
According to the described first default secret key, the analysis result carried in the resolution response that receives is decrypted;
If successful decryption, it is determined that the IP address is verified.
6. a kind of device accessing internet, which is characterized in that including:
Module is changed, when for by public network access internet, domain name system DNS address that the public network is distributed
It is changed to the address of default dns server;
Authentication module tests the internet protocol address of the internet for being based on the default dns server
Card;
Access modules, for when being verified, the internet to be accessed based on the IP address.
7. device according to claim 6, which is characterized in that the authentication module includes sending submodule, receives submodule
Block verifies submodule with IP;
The sending submodule carries root for sending analysis request to the default dns server in the analysis request
According to the first default encrypted IP address of secret key;
The receiving submodule is directed to the resolution response that the analysis request returns for receiving the default dns server;
The IP verifies submodule, for being based on the resolution response, is verified to the IP address.
8. device according to claim 7, which is characterized in that also carry the described first default secret key in the analysis request
Identifier;
The secret key library including the identifier is pre-stored in the default dns server;
The analysis result to the encrypted IP address is carried in the resolution response, and the analysis result is according to institute
It is encrypted to state the second default secret key corresponding with the identifier in secret key library.
9. device according to claim 7 or 8, which is characterized in that IP verification submodule include decryption subelement with
Determination subelement;
The decryption subelement, for according to the described first default secret key, to the solution carried in the resolution response that receives
Analysis result is decrypted;
The determination subelement, for when successful decryption, determining that the IP address is verified.
10. a kind of terminal device, including memory, processor and storage are on a memory and the calculating that can run on a processor
Machine program, which is characterized in that the processor realizes that claim 1-5 any one of them accesses interconnection when executing described program
The method of net.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810189391.4A CN108418824A (en) | 2018-03-07 | 2018-03-07 | Access the method, apparatus and terminal device of internet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810189391.4A CN108418824A (en) | 2018-03-07 | 2018-03-07 | Access the method, apparatus and terminal device of internet |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108418824A true CN108418824A (en) | 2018-08-17 |
Family
ID=63130239
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810189391.4A Pending CN108418824A (en) | 2018-03-07 | 2018-03-07 | Access the method, apparatus and terminal device of internet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108418824A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111885063A (en) * | 2020-07-23 | 2020-11-03 | 平安付科技服务有限公司 | Open source system access control method, device, device and storage medium |
| CN114710302A (en) * | 2020-12-17 | 2022-07-05 | 北京首信科技股份有限公司 | Internet access control method and control device thereof |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130198065A1 (en) * | 2011-10-03 | 2013-08-01 | Verisign, Inc. | Adaptive name resolution |
| KR101326360B1 (en) * | 2012-06-22 | 2013-11-11 | 가톨릭대학교 산학협력단 | Method for security communication between dns server and authoritative dns server for thereof and security communication system |
| CN104168339A (en) * | 2014-06-30 | 2014-11-26 | 汉柏科技有限公司 | Method and device for preventing domain name from being intercepted |
| CN104468865A (en) * | 2014-12-25 | 2015-03-25 | 北京奇虎科技有限公司 | Domain name resolution control and response methods and corresponding device |
| CN106357841A (en) * | 2016-11-02 | 2017-01-25 | 腾讯科技(深圳)有限公司 | Domain name resolution method, device and system |
-
2018
- 2018-03-07 CN CN201810189391.4A patent/CN108418824A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130198065A1 (en) * | 2011-10-03 | 2013-08-01 | Verisign, Inc. | Adaptive name resolution |
| KR101326360B1 (en) * | 2012-06-22 | 2013-11-11 | 가톨릭대학교 산학협력단 | Method for security communication between dns server and authoritative dns server for thereof and security communication system |
| CN104168339A (en) * | 2014-06-30 | 2014-11-26 | 汉柏科技有限公司 | Method and device for preventing domain name from being intercepted |
| CN104468865A (en) * | 2014-12-25 | 2015-03-25 | 北京奇虎科技有限公司 | Domain name resolution control and response methods and corresponding device |
| CN106357841A (en) * | 2016-11-02 | 2017-01-25 | 腾讯科技(深圳)有限公司 | Domain name resolution method, device and system |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111885063A (en) * | 2020-07-23 | 2020-11-03 | 平安付科技服务有限公司 | Open source system access control method, device, device and storage medium |
| CN111885063B (en) * | 2020-07-23 | 2022-08-02 | 平安付科技服务有限公司 | Open source system access control method, device, equipment and storage medium |
| CN114710302A (en) * | 2020-12-17 | 2022-07-05 | 北京首信科技股份有限公司 | Internet access control method and control device thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110798471B (en) | Air conditioner management method and related device | |
| CN105187431B (en) | Login method, server, client and the communication system of third-party application | |
| CN103634109B (en) | Operation right authentication method and device | |
| CN107122674B (en) | Access method of oracle database applied to operation and maintenance auditing system | |
| CN103475726B (en) | A kind of virtual desktop management, server and client side | |
| CN105407074A (en) | Authentication method, apparatus and system | |
| CN103166977A (en) | Method, terminal, server and system for accessing website | |
| CN109861968A (en) | Resource access control method, device, computer equipment and storage medium | |
| CN106685949A (en) | Container access method, container access device and container access system | |
| US20090037734A1 (en) | Device authentication system, mobile terminal device, information device, device authenticating server, and device authenticating method | |
| CN104158818A (en) | Single sign-on method and system | |
| EP2060050A2 (en) | Systems and methods for acquiring network credentials | |
| US20210112060A1 (en) | Method and Apparatus to Control and Monitor Access to Web Domains using Networked Devices | |
| CN109495458A (en) | A kind of method, system and the associated component of data transmission | |
| CN104219626B (en) | A kind of identity authentication method and device | |
| CN114125027A (en) | Communication establishing method and device, electronic equipment and storage medium | |
| CN103634111B (en) | Single-point logging method and system and single sign-on client-side | |
| Strobl et al. | Connected cars—Threats, vulnerabilities and their impact | |
| CN102143492A (en) | VPN connection establishment method, mobile terminal, server | |
| CN106559785A (en) | Authentication method, equipment and system and access device and terminal | |
| CN108418824A (en) | Access the method, apparatus and terminal device of internet | |
| KR20020000961A (en) | A wireless authentication method using mobile telecommunication system | |
| CN108462671A (en) | A kind of authentication protection method and system based on reverse proxy | |
| US20080117837A1 (en) | Method for setting wireless lan communication system and wireless lan access point | |
| CN108183896A (en) | Page acquisition methods, device and the electronic equipment of browser |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180817 |
|
| RJ01 | Rejection of invention patent application after publication |