
Cache password-based network equipment security access system and working method thereof

Network device and password technology, applied in transmission systems, electrical components, etc. It addresses problems such as passwords falling out of sync, the wide impact of a leak, and the inability to control login account passwords, and so enhances and ensures security and consistency.

Active Publication Date: 2020-01-21
BEIJING WANGRUIDA TECH CO LTD

AI Technical Summary

Problems solved by technology

[0009] 1. Administrator-managed account passwords do not meet the basic requirement that network equipment be protected according to different network security levels. Account passwords also leak easily and carry high risk; once leaked, the scope of impact is large and the loss is serious.
[0010] 2. Multiple users share the same account and password, so it is impossible to effectively control and distinguish which network devices each user may manage, and it is difficult to separate the management of different users on the same network device. Once a security incident occurs, it is difficult to identify the actual user of the account and the person responsible.
[0011] 3. When network devices are audited independently, their audit logs differ in content and depth. A unified access audit strategy cannot be formulated, and illegal operations are hard to detect in time and trace.
Therefore, the bastion host cannot fully control all login accounts and passwords on the network device.
[0020] 2. Passwords are not synchronized: each network device has multiple sets of account passwords, and new accounts and passwords may be added. The bastion host cannot fully manage and control each network device.
When the password is changed, the account password originally stored in the bastion host becomes invalid, and management and control of the network device is lost immediately.
[0021] 3. Passwords are not secure. The plaintext account passwords of all core network devices are stored in the bastion host; once it is attacked, the risk of password leakage is high.

Embodiment Construction

[0046] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0047] An important technical innovation of the system of the present invention is that authentication of the cached user account and password by the AAA server replaces the local authentication mode that network devices traditionally use when a connection is made to a managed network device. The cached password used in the system is the user's account and password, cached when the bastion host server receives the user's login connection request from the client. When the user initiates an operation connection request to control a network device, the bastion host server sends the cached password to the controlled network device, and then the network device sends the cached ...

Abstract

The invention discloses a cache password-based network equipment security access system and method. The system comprises a bastion host server, an AAA server, a log analysis server, a client and managed network equipment, with the structures of the bastion host server and the AAA server each improved. The innovation is that the bastion host server caches the account and password of the client user and forwards them to the AAA server for authentication, replacing the traditional approach in which account passwords and authority settings are stored and authenticated locally on the network equipment. The cached password is transmitted in encrypted form. The managed network equipment allows a user to access it only after the cached password has been authenticated, which enhances and ensures the security and reliability of the equipment's login account passwords. The AAA server provides centralized management of the local authentication information otherwise dispersed across numerous network devices. User management authority is finely divided, and user behavior is limited to a legitimate management and control range, so that the security of the network equipment is ensured.
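The flow the abstract describes, as an added Python sketch that is not code from the patent: the bastion host keeps only the logged-in user's own credential in session memory, and the managed device holds no local accounts and asks the AAA server to decide. The class names, the PBKDF2 hash store and the device names are assumptions; encrypted transport of the cached password is assumed to be provided by the channel and is not modelled.

```python
import hashlib, hmac, os

class AAAServer:
    """Central store: salted password hashes plus per-user device permissions."""
    def __init__(self):
        self._users = {}   # user -> (salt, PBKDF2 hash); storage scheme is an assumption
        self._acl = {}     # user -> set of device names the user may manage

    def set_password(self, user, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[user] = (salt, digest)

    def grant(self, user, device):
        self._acl.setdefault(user, set()).add(device)

    def authenticate(self, user, password, device=None):
        rec = self._users.get(user)
        if rec is None:
            return False
        salt, stored = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, stored):
            return False
        # Authorization: a valid password is not enough without a grant on this device.
        return device is None or device in self._acl.get(user, set())

class NetworkDevice:
    """Managed device with no local accounts: every login is decided by AAA."""
    def __init__(self, name, aaa):
        self.name, self._aaa = name, aaa

    def login(self, user, password):
        return self._aaa.authenticate(user, password, device=self.name)

class BastionHost:
    """Caches the user's own credential in memory for the session only."""
    def __init__(self, aaa):
        self._aaa, self._cache = aaa, {}

    def user_login(self, user, password):
        if self._aaa.authenticate(user, password):
            self._cache[user] = password   # no stored device passwords, only this session value
            return True
        return False

    def connect(self, user, device):
        cached = self._cache.get(user)
        return cached is not None and device.login(user, cached)

    def user_logout(self, user):
        self._cache.pop(user, None)        # the cached credential dies with the session
```

Because the device re-checks the cached value against AAA on every connection, a password change in AAA invalidates existing bastion sessions instead of leaving a stale stored copy.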

Description

Technical field

[0001] The present invention relates to a system and working method for secure access to network equipment based on cached passwords. It addresses defects of the prior-art mechanism in existing IP networks, in which network equipment account passwords are stored and authenticated locally: high risk of password leakage, lack of control, and difficulty of accountability. It also addresses the shortcomings of bastion host management, where passwords are uncontrollable, out of sync, and reversible. The invention adopts the AAA identity authentication mode to replace the traditional local authentication mode, replaces the traditional user account password with the cached password, and sets user management authority in the AAA server, so that dividing user management authority is more convenient and the network equipment is more secure. It belongs to the technical field of n...

Application Information

IPC(8): H04L29/06
CPC: H04L63/0892, H04L63/083, H04L63/0815, H04L63/0428, H04L63/105
Inventor: 翁源郭思琦丛群
Owner: BEIJING WANGRUIDA TECH CO LTD