Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Systems and methods for secure access to network device based on one-time access credentials

A network device, a one-time technology, applied in transmission systems, electrical components, etc., can solve problems such as ineffective control and distinction, high risk of password leakage, and insecure passwords, so as to achieve good promotion and application prospects, improve security performance, and system good compatibility

Active Publication Date: 2020-01-21
BEIJING WANGRUIDA TECH CO LTD
View PDF9 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] 1. The administrator's management of account passwords does not meet the basic requirements that network equipment should be protected by different network security levels; and account passwords are easy to leak, with high risks, and once leaked, the scope of influence is large and the loss is serious
[0010] 2. Multiple users use the same account and password, which makes it impossible to effectively control and distinguish whether each user can manage their own different network devices; and it is also difficult to distinguish and divide the management of different users for the same network device
Once a security incident occurs, it is difficult to locate the actual user and responsible person of the account
[0011] 3. When different network devices are independently audited, the audit logs of each network device will have different content and different depths. It is impossible to formulate a unified access audit strategy, and it is difficult to find illegal operations in time and trace them.
Therefore, the bastion host cannot fully control all login accounts and passwords on the network device
[0020] 2. The passwords are not synchronized: each network device has multiple sets of account passwords, and there may be new accounts and their passwords. The bastion machine cannot fully control the management and control of each network device.
When the password is changed, the account password originally stored in the bastion host will naturally become invalid, and the management and control of the network device will be lost directly.
[0021] 3. The password is not secure
The plaintext account passwords of all core network devices are stored in the bastion host. Once attacked, the risk of password leakage is high.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Systems and methods for secure access to network device based on one-time access credentials
  • Systems and methods for secure access to network device based on one-time access credentials
  • Systems and methods for secure access to network device based on one-time access credentials

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0048] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0049] An important technical innovation feature of the system of the present invention is to use the one-time access certificate OTP, that is, the dynamic password to replace the original account password of the traditional client user when connecting to the managed network device. The dynamic password OTP is automatically generated by the AAA server according to the set algorithm for each user's operation connection request for each management network device, an unpredictable real-time random combination of characters and / or numbers, and the use of each dynamic password It has only one lifespan, and it will fail after use.

[0050] see image 3 , introducing the structure of the system of secure access to network equipment based on one-time access credentials i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a system and a method for secure access to a network device based on one-time access credentials. The system is provided with a bastion host server, an AAA server, a log analysis server, a client and managed network equipment, wherein the structures of the bastion host server and the AAA server are respectively improved. The system is innovatively characterized in that an AAA server randomly and dynamically generates one-time access evidences for SSH / telnet connection each time in real time, and the one-time access evidences are used for authentication; and the traditional local storage and local authentication mode of account password and authority setting of the network device is replaced. the one-time access credential is transmitted in an encrypted manner and isdiscarded after being used each time, and the network device only allows the user to access after passing the authentication of the one-time access credential, so that the safety and reliability of the login account password of the network device can be enhanced and ensured. The AAA server realizes centralized management of local authentication information dispersed in numerous network devices. The user management authority is finely divided, and the user behavior is limited in a legal management control range, so that the security of the network equipment is ensured.

Description

technical field [0001] The present invention relates to a system and working method for secure access to network equipment based on one-time access credentials, which are used to solve the problem of using the traditional mechanism of local storage and local authentication for network equipment account passwords in the prior art in existing IP networks. The risk of password leakage is high, uncontrollable, and difficult to be held accountable; and when using the bastion machine management method, there are also many shortcomings of uncontrollable, out-of-sync, and reversible passwords. The present invention adopts the AAA identity authentication mode to replace the traditional local authentication mode, and replaces the traditional user account password with one-time access credentials, and also sets the user management authority in the AAA server, which makes the division of user management authority more convenient and the network equipment more secure . It belongs to the t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/0892H04L63/0838H04L63/0815H04L63/0428H04L63/168H04L63/02H04L67/08
Inventor 王道佳翁源丛群
Owner BEIJING WANGRUIDA TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com