CN101132344A - Safe intercommunication method and apparatus between two isolated networks - Google Patents

Safe intercommunication method and apparatus between two isolated networks

Info

Publication number
CN101132344A
Authority
CN
China
Prior art keywords
access
interviewed
network port
visit
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101539989A
Other languages
Chinese (zh)
Other versions
CN100518127C (en
Inventor
梁俊
林苑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Kelu Software Co Ltd
Original Assignee
Shanghai Kelu Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CNA2007100452386A external-priority patent/CN101106511A/en
Application filed by Shanghai Kelu Software Co Ltd filed Critical Shanghai Kelu Software Co Ltd
Priority to CNB2007101539989A priority Critical patent/CN100518127C/en
Publication of CN101132344A publication Critical patent/CN101132344A/en
Application granted granted Critical
Publication of CN100518127C publication Critical patent/CN100518127C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This invention relates to a method for safe intercommunication between two independent networks, in which an access object and an accessed object exchange information through an intercommunication proxy. The proxy first verifies the specific operation requested by the access object, then sets up a secure communication channel between the two and starts a timer that limits the access time; when the access operation runs longer than the timer interval, the secure channel is forcibly cut off. The channel is also governed by the access authorization level of the access objects: when an access user with higher privileges needs to access an accessed object immediately, the accessed object cuts off access by a lower-level user, and while a user with higher privileges is accessing the accessed object, other access objects have no right to interfere.

Description

Safe intercommunication method and device between two separate networks
Technical field
The present invention relates to a safe intercommunication method between two separate networks and to a device that implements this method.
Background technology
Web browsers such as Netscape Navigator or Microsoft Explorer are commonly used to access public networks such as the Internet. These browsers can display and render the HTML (Hypertext Markup Language) documents that a remote server provides, allow a client user to request and retrieve resources from the remote server over the Internet, and run the scripts embedded in the HTML documents so as to provide certain local functions to the user.
For some dedicated networks, however, the internal resources and information are confidential: external networks must not be able to access or browse them easily, let alone modify them. For security, a dedicated network is therefore usually protected by a firewall, and a browser on a computing device outside the dedicated network cannot access any resource on it.
Although a firewall is very effective at preventing external access to a dedicated network, two separate networks that are completely closed off from each other, each neither allowing external computing devices to access its internal resources nor able to access the resources of the other network, easily waste resources and information, and this hinders the intercommunication and unified management of information that needs to be shared. Between two independent networks within the same management system in particular, information needs to be shared and exchanged more frequently, so some information has to be exchanged between the two separate networks.
The more conventional existing approach is for the firewall of a separate network to set access rights before an external device enters the network, allowing the external device to pass through the firewall and access the separate network over the public network; once access is granted, the external device can freely browse the resources and information in the separate network. This approach opens a "hole" in the firewall that seriously endangers the security of the separate network, and a separate network that pays special attention to security generally does not permit it.
Chinese invention patent publication CN 1605181A, "Method and system for providing secure access to resources on a dedicated network", discloses a method for accessing resources on a dedicated network via an intermediate server. The method comprises: (a) receiving, at the intermediate server, a login request from a user; (b) authenticating the user; (c) subsequently receiving a resource request from the user at the intermediate server, the resource request asking for a specific operation on a resource of the dedicated network; (d) obtaining the user's access rights; (e) determining whether the user's access rights allow the user to perform the specific operation on the dedicated network; (f) when step (e) determines that the user's access rights do not allow the specific operation on the dedicated network, preventing the operation from being performed there, so that the resource request receives no response; if the access rights pass, the user is allowed to perform the specific operation on the dedicated network. This method needs a dedicated intermediate server system to carry out each operation request; the server system comprises a Web server, a protocol handler, a content transformer, an authentication manager, data storage and other separately listed devices with information-processing functions, and it is expensive and bulky. Moreover, once a user's access rights have passed verification, the user is allowed to keep performing the specific operation on the dedicated network with no limit on the length of access. When other external devices also need to perform the same specific operation on the dedicated network, they can only wait until the user has finished and exited before they qualify to access it. In an emergency, when another external device needs to perform a specific operation on the dedicated network immediately, this method has very adverse consequences for operators and managers.
Summary of the invention
The first technical problem to be solved by the present invention, in view of the above prior art, is to provide a safe intercommunication method between two separate networks that applies security control to the secure channel after the channel between the two separate networks has been opened.
The second technical problem to be solved by the present invention is to provide a device that implements the safe intercommunication method between two separate networks; this device may be located inside either separate network or outside both.
The technical solution adopted by the present invention for the first technical problem is as follows. The safe intercommunication method between two separate networks involves at least one access object, which is in the accessing network system and has a first network port, and one interviewed object, which is in another, independent interviewed network system and has a second network port. It is characterized in that it also includes an interworking agent with at least two network ports, one of which is connected to the first network port of the access object and another of which is connected to the second network port of the interviewed object. The safe intercommunication method between the two separate networks comprises the following steps:
Step 1: the access object makes an access request and submits the interviewed object's parameters and the resource request requirement;
Step 2: the interworking agent receives the access rights and the resource request requirement of the access object;
Step 3: the interworking agent verifies the access rights and the resource request requirement of the access object, confirming whether the access object has the right to connect to the interviewed object and to perform on it the specific operation that the resource request requires. If the access object has no right to access the interviewed object, or is not allowed to perform the specific operation on the interviewed device, the access request is not established; when the access object has both the right to access the interviewed object and the right to perform the specific operation on the interviewed device, the access request is established successfully.
Step 4: if the access request is established successfully, the interworking agent specifies a routing path for this access and sets up a communication channel for it. At the same time, the interworking agent sets a timer with a fixed time interval for this access; the timer starts when the access begins, and when it runs out the access is forcibly disconnected. To continue, the access object must make a new access request;
Step 5: once the routing path has been set up, communication begins between the first network port of the access object and the second network port of the interviewed object;
Step 6: the interworking agent sets up data exchange between the access object and the interviewed object, the access object performs the resource request operation on the interviewed object, and when the operation is complete the access ends.
Once the specific operation requested by the access object has passed verification, the secure channel between the two separate networks is opened; to apply security control to this channel, the interworking agent gives it a timer that limits the access time. For emergencies, when another external object needs to perform a specific operation immediately on the interviewed object in the separate network, a further improvement is that the communication in step 5 between the first network port of the access object and the second network port of the interviewed object comprises the following steps:
Step (1): the access rights of access objects are divided into first-level access rights and second-level access rights;
Step (2): the interworking agent checks the access rights of the access object. If they are first-level access rights, the interworking agent checks whether the second network port of the interviewed object is occupied: if the port is idle, the access is allowed; if it is occupied, the ongoing access by the user with second-level access rights is cut off and this access is allowed. If they are second-level access rights, the interworking agent checks whether the second network port of the interviewed object is occupied: if the port is idle, the access is allowed; if it is occupied, the access fails.
The access rights of access objects are of course not limited to two levels; several levels of different rank can be set. When the interworking agent checks the access rights of an access object and a higher-level access object needs to access the interviewed object while the second network port is occupied, the interworking agent cuts off the access of the user with the lower level of access rights and lets the access object with the higher access rights access the interviewed object.
The data exchange performed by the interworking agent in step 6 may be hard exchange or soft exchange. With hard exchange, the interworking agent is fitted with a switching chipset and the data exchange is carried out by the chipset hardware; with soft exchange, the interworking agent is provided with a data exchange software program and the data exchange is carried out by that program.
The interworking agent stores in advance an access rights record database for multiple access objects. After receiving the resource request requirement of an access object, the interworking agent compares the received access rights and resource request requirement with the access rights and resource request requirement stored in advance in the database for the corresponding object, thereby verifying whether the access object has the right to connect to the interviewed object and whether it has the right to perform on it the specific operation that the resource request requires. If both comparisons match, the access request passes verification; if either the access rights or the resource request requirement of the access object does not match, the access request fails verification.
The technical solution adopted by the present invention for the second technical problem is a device comprising: at least two network ports, one connected to the network port of the access object in one separate network and another connected to the network port of the interviewed object in the other separate network; a rights management module that stores the access rights of access objects; an access control module that checks the access rights of the access object and sets up communication between the access object and the interviewed object; an exchange control management module that sets up the access routing path for the access object; a switching module that carries out data exchange between the access object and the interviewed object; and a timer that controls how long the access object may access the interviewed object.
As an improvement, the device also includes a data storage module that holds the access rights record database.
Compared with the prior art, the advantages of the present invention are as follows. First, once the specific operation requested by the access object has passed verification and the secure channel between the two separate networks is opened, the interworking agent gives the channel a timer that limits the access time; when the access object's operation runs longer than the timer interval, the secure channel is forcibly disconnected, which provides security. Second, communication between the network ports of the access object and the interviewed object is restricted by access rights level. In an emergency, when a visiting user with higher rights needs to access the interviewed object immediately, the interviewed object can at once cut off its communication with the lower-rights user who is accessing it, release its own network port, and set up secure communication with the higher-rights user; and while a user with higher rights is in secure communication with the interviewed object, other access objects have no right to interfere. This makes communication between two separate networks safer and more user-friendly. Third, the device provided by the invention for implementing the safe intercommunication method between two separate networks is fully featured, with every functional module concentrated in a single unit, so it is easy to carry and install.
Description of drawings
Fig. 1 is a block diagram of the remote access system between two separate networks in the embodiment of the invention;
Fig. 2 is a flow chart of access request processing in the embodiment of the invention;
Fig. 3 is a flow chart of access request verification processing in the embodiment of the invention;
Fig. 4 is a flow chart of secure channel setup in the embodiment of the invention;
Fig. 5 is a flow chart of data exchange in the embodiment of the invention;
Fig. 6 is a flow chart of access rights processing in the embodiment of the invention;
Fig. 7 is a system block diagram of the device that implements the safe intercommunication method between two separate networks in the embodiment of the invention.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings and an embodiment.
One aspect of the present invention provides an improved method of providing secure access to resources held on a separate network and of setting up secure communication between devices in two separate networks, so that an access object using a standard web browser can, relayed through the interworking agent, perform authorized specific operations on the interviewed object. The interworking agent may be located in either of the two separate networks (separate network 1 or separate network 2) or in the public network outside the two separate networks, but this intercommunication network must stay in communication with the outside world through the public network; see Fig. 1.
As shown in Fig. 2, whenever the interworking agent receives an access request from an access object, it automatically invokes access request processing 1. Access request processing starts at decision block 10, which determines whether the received request is a system login request. When it is, request processing 1 verifies the requester's IP address 11, checking whether that address is authorized to log in to the system. If the requester's IP address passes verification, a dialog box 12 is returned to the requester asking for a username and password, which are used to judge the access rights of the access object; the requester submits the interviewed object's parameters and the resource request requirement 13, so that it can be verified whether the specific operation may be performed on the interviewed object; an initial access page 14 is given to the requester, and access request processing 1 ends. If the requester's IP address does not pass verification, a login page 15 is returned to the requester so that the requester can try to log in again, and access request processing 1 ends.
After access request processing 1, the interworking agent enters access request verification processing 2. The interworking agent stores in advance an access rights record database for multiple access objects, and verification processing 2 starts by calling the access rights record database 21. The interworking agent first verifies the username and password with which the requester logged in 22, judging whether they correctly match a username and password in the access rights record database. If they pass, the requester's access rights level is obtained 23 (the handling of access rights levels is described in detail below), and the agent judges whether the requester has the right to connect to the interviewed object 24. If the requester has that right, the agent goes on to judge whether the requester has the right to perform the resource request requirement on the interviewed object 25; if the requester passes this check as well, the access passes verification and processing ends. When the requester's username and password are wrong, a verification page 26 is returned to the requester; the username and password verification has failed, and processing ends. When the requester has no right to connect to the interviewed device, or no right to perform the resource request requirement on the interviewed object, the access fails verification and processing ends; see Fig. 3 for details.
After the access request passes verification, the interworking agent enters secure channel setup processing 3 for this access object and the interviewed object, as shown in Fig. 4. The interworking agent first assigns the access object a dynamic IP address 31, and the access object accesses the interviewed object using the dynamic IP address assigned to it. The interworking agent's timer starts timing 32; the timer interval is set to M, and the interworking agent also sets a reminder time that is N less than the timer interval. If the access object does not itself ask to end the access, the interworking agent first judges whether the timer has reached the reminder moment (that is, M-N) 34. If so, it asks the access object whether it wants to extend the access time 35. If the access object signals that it wants an extension, the interworking agent extends its access time by a fixed time interval. If the access object signals that no extension is needed, the interworking agent goes on to judge whether the timer has run out 36; when it has, the interworking agent forcibly cuts the connection, releases the dynamic IP address 37, and returns to the requester a page 38 asking whether a new access request is needed. If the requester needs to continue access 39, it must make a new access request, and the system automatically invokes access request processing 1. If the requester asks to end the access 33 before the timer has run out, the interworking agent releases its dynamic IP address 37 and processing ends.
As shown in Fig. 5, after the access object and the interviewed object begin communicating through their respective network ports, the interworking agent sets up data exchange 4 between them. The interworking agent sets the data exchange mode for this communication 41. When the mode set is hard exchange 42, the data exchange is carried out by the hardware of the switching chipset in the interworking agent; when the mode set is soft exchange 43, the data exchange is carried out by the interworking agent's data exchange software program. The access object performs the resource request operation on the interviewed object 44, the interviewed object responds to the access object's operation 45, and when the operation is complete 46 the access ends.
Communication between the network ports of the access object and the interviewed object is also restricted by access rights level; the flow of access rights processing 5 is shown in Fig. 6. Access request verification processing 2 includes the operation of obtaining the requester's access rights level 23, and the access rights of access objects are divided into first-level access rights and second-level access rights. Suppose the network port of the interviewed object has already set up a secure channel 3 with an access object. When another access object also tries to access the same interviewed object, the interworking agent first checks the access rights of that access object 51. If they are first-level access rights 52, the interworking agent checks whether the second network port of the interviewed object is occupied 53; if it is occupied, the ongoing access by the user with second-level access rights is cut off 54, this access is allowed 55, and secure channel setup processing 3 is entered; if the second network port is idle, this access is likewise allowed 55 and secure channel setup processing 3 is entered. If they are second-level access rights 56, the interworking agent checks whether the second network port of the interviewed object is occupied 57; if it is idle, this access is allowed and secure channel setup processing 3 is entered; if it is occupied, this access fails 58 and processing ends. In this way, in an emergency, the visiting user with first-level rights has the highest access priority, and while a user with first-level rights is in secure communication with the interviewed object, other access objects have no right to interfere. This makes communication between two separate networks safer and more user-friendly.
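The admission logic described above (the rights check of processing 2, the timer and reminder of processing 3, and the level-based arbitration of the second network port in processing 5) can be modelled as below. This is an added example, not code from the patent: the class and method names, the rights table layout, the sample users and the values of M and N are assumptions, the extension is assumed to add one interval M and to be accepted only inside the reminder window, and IP and password verification are left out. It applies the two-level rule to any number of levels, as the description allows.

```python
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    level: int        # 1 = first-level rights (highest); larger = lower
    target: str
    operation: str
    deadline: float   # start time + M: the forced-disconnect moment


@dataclass
class InterworkingAgent:
    rights: dict                 # user -> (level, {target: {operations}})
    interval_m: float = 600.0    # timer interval M in seconds (assumed)
    remind_n: float = 60.0       # reminder lead N in seconds (assumed)
    sessions: dict = field(default_factory=dict)  # target -> Session
    log: list = field(default_factory=list)

    def request(self, user, target, operation, now):
        """Steps 3-5: verify rights, arbitrate the port, start the timer."""
        self.tick(now)  # drop sessions whose timer already ran out
        entry = self.rights.get(user)
        if entry is None:
            return self._deny(user, target, "unknown access object")
        level, allowed = entry
        if target not in allowed:
            return self._deny(user, target, "no right to connect")
        if operation not in allowed[target]:
            return self._deny(user, target, "operation not permitted")
        current = self.sessions.get(target)
        if current is not None:
            # Second network port occupied: only a strictly higher level
            # cuts in; an equal or lower level fails.
            if level >= current.level:
                return self._deny(user, target, "port occupied")
            self._close(target, "preempted by " + user)
        session = Session(user, level, target, operation,
                          now + self.interval_m)
        self.sessions[target] = session
        self.log.append(("open", user, target))
        return session

    def tick(self, now):
        """Forcibly disconnect every session whose timer has finished."""
        for target, s in list(self.sessions.items()):
            if now >= s.deadline:
                self._close(target, "timer expired")

    def reminder_due(self, target, now):
        """True from the reminder moment (deadline - N) until the deadline."""
        s = self.sessions.get(target)
        return s is not None and s.deadline - self.remind_n <= now < s.deadline

    def extend(self, target, user, now):
        """Add one interval; assumed valid only in the reminder window."""
        s = self.sessions.get(target)
        if s is None or s.user != user or not self.reminder_due(target, now):
            return False
        s.deadline += self.interval_m
        return True

    def release(self, target, user):
        """The access object ends its own visit before the timer finishes."""
        s = self.sessions.get(target)
        if s is None or s.user != user:
            return False
        self._close(target, "ended by access object")
        return True

    def _close(self, target, reason):
        s = self.sessions.pop(target)
        self.log.append(("close", s.user, target, reason))

    def _deny(self, user, target, reason):
        self.log.append(("deny", user, target, reason))
        return None


def demo():
    """Constructed scenario; users, target and operations are made up."""
    agent = InterworkingAgent(rights={
        "operator": (2, {"device-a": {"read"}}),
        "supervisor": (1, {"device-a": {"read", "write"}}),
    })
    agent.request("operator", "device-a", "read", now=0)      # opens
    agent.request("operator", "device-a", "write", now=5)     # denied
    agent.request("supervisor", "device-a", "write", now=10)  # preempts
    agent.request("operator", "device-a", "read", now=20)     # port occupied
    agent.extend("device-a", "supervisor", now=560)           # in window
    agent.tick(now=1210)                                      # forced cut
    return agent.log


if __name__ == "__main__":
    for event in demo():
        print(event)
```

The clock is passed in as `now`, so the timer behaviour can be replayed deterministically; a deployment would call `tick` from a real timer.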
Another aspect of the present invention provides a device that implements the above safe intercommunication method between two separate networks. The device comprises: at least two network ports, one connected to the network port of the access object in one separate network and another connected to the network port of the interviewed object in the other separate network; a rights management module that stores the access rights of access objects; an access control module that checks the access rights of the access object and sets up communication between the access object and the interviewed object; an exchange control management module that sets up the access routing path for the access object; a switching module that carries out data exchange between the access object and the interviewed object; and a timer that controls how long the access object may access the interviewed object. All of these functional modules are housed in a single box; see Fig. 7 for details.

Claims (7)

1. A safe intercommunication method between two separate networks, involving at least one access object that is in the accessing network system and has a first network port, and one interviewed object that is in another, independent interviewed network system and has a second network port, characterized in that: it also includes an interworking agent with at least two network ports, one of which is connected to the first network port of the access object and another of which is connected to the second network port of the interviewed object, and the safe intercommunication method between the two separate networks comprises the following steps:
Step 1: the access object makes an access request and submits the interviewed object's parameters and the resource request requirement;
Step 2: the interworking agent receives the access rights and the resource request requirement of the access object;
Step 3: the interworking agent verifies the access rights and the resource request requirement of the access object, confirming whether the access object has the right to connect to the interviewed object and to perform on it the specific operation that the resource request requires; if the access object has no right to access the interviewed object, or is not allowed to perform the specific operation on the interviewed device, the access request is not established; when the access object has both the right to access the interviewed object and the right to perform the specific operation on the interviewed device, the access request is established successfully.
Step 4: if the access request is established successfully, the interworking agent specifies a routing path for this access and sets up a communication channel for it; at the same time, the interworking agent sets a timer with a fixed time interval for this access; the timer starts when the access begins, and when it runs out the access is forcibly disconnected; to continue, the access object must make a new access request;
Step 5: once the routing path has been set up, communication begins between the first network port of the access object and the second network port of the interviewed object;
Step 6: the interworking agent sets up data exchange between the access object and the interviewed object, the access object performs the resource request operation on the interviewed object, and when the operation is complete the access ends.
2. The safe intercommunication method between two separate networks according to claim 1, characterized in that: the communication in step 5 between the first network port of the access object and the second network port of the interviewed object comprises the following steps:
Step (1): the access rights of access objects are divided into first-level access rights and second-level access rights;
Step (2): the interworking agent checks the access rights of the access object; if they are first-level access rights, the interworking agent checks whether the second network port of the interviewed object is occupied: if the port is idle, the access is allowed; if it is occupied, the ongoing access by the user with second-level access rights is cut off and this access is allowed; if they are second-level access rights, the interworking agent checks whether the second network port of the interviewed object is occupied: if the port is idle, the access is allowed; if it is occupied, the access fails.
3. The safe intercommunication method between two separate networks according to claim 1, characterized in that: the data exchange mode of the interworking agent in step 6 is hard exchange; the interworking agent is fitted with a switching chipset, and the data exchange is carried out by the hardware of the switching chipset.
4. The safe intercommunication method between two separate networks according to claim 1, characterized in that: the data exchange mode of the interworking agent in step 6 is soft exchange; the interworking agent is provided with a data exchange software program, and the data exchange is carried out by the software program.
5. The safe intercommunication method between two separate networks according to any one of claims 1 to 4, characterized in that: the interworking agent stores in advance an access rights record database for multiple access objects; in step 3, the interworking agent compares the received access rights and resource request requirement of the access object with the access rights and resource request requirement stored in advance in the database for the corresponding object, thereby verifying whether the access object has the right to connect to the interviewed object and whether it has the right to perform on the interviewed object the specific operation that the resource request requires; if both comparisons match, the access request passes verification; if either the access rights or the resource request requirement of the access object does not match, the access request fails verification.
6. A device for implementing the safe intercommunication method between two separate networks according to claim 1, characterized in that the device comprises:
At least two network ports, one of which is connected to the network port of the access object in one separate network, and another of which is connected to the network port of the accessed object in the other separate network;
An authority management module that stores the access rights of the access objects;
An access control module that checks the access rights of the access object and establishes communication between the access object and the accessed object;
A switching control management module that establishes the access routing path for the access object;
A switching module that performs the data exchange between the access object and the accessed object;
A timer that controls how long the access object may access the accessed object.
7. The device according to claim 6, characterized in that: the device includes a data storage module that stores the access-rights record database.
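The admission logic of claims 2 and 5, together with the timer of claim 6, sketched as an added example that is not part of the patent. The class and method names, the result strings and the sample rights database are assumptions, and the stored resource request is modelled as a set of permitted operations. A level-1 request that meets a level-1 holder is refused, following the abstract's statement that other access objects may not interfere with a higher-authority user.

```python
from dataclasses import dataclass

LEVEL1, LEVEL2 = 1, 2  # level-1 outranks level-2, as in claim 2

# Constructed sample records: user -> (access level, permitted operations)
SAMPLE_RIGHTS = {
    "admin": (LEVEL1, {"read", "write"}),
    "operator": (LEVEL2, {"read"}),
    "auditor": (LEVEL2, {"read"}),
}

@dataclass
class Session:
    user: str
    level: int
    expires_at: float  # deadline set by the access timer

class InterworkingAgent:
    def __init__(self, rights_db, max_seconds):
        self.rights_db = rights_db
        self.max_seconds = max_seconds
        self.port = {}  # target -> Session occupying its second network port

    def tick(self, now):
        """Force-close sessions whose timer has run out; return users cut off."""
        expired = [t for t, s in self.port.items() if now >= s.expires_at]
        return [self.port.pop(t).user for t in expired]

    def request(self, user, claimed_level, operation, target, now):
        self.tick(now)
        record = self.rights_db.get(user)
        # Claim 5: claimed rights and requested operation must both match
        # the stored record, otherwise no channel is set up at all.
        if (record is None or record[0] != claimed_level
                or operation not in record[1]):
            return "rejected: verification failed"
        holder = self.port.get(target)
        result = "allowed"
        if holder is not None:
            # Claim 2: only a level-1 request may displace a level-2 holder.
            if claimed_level == LEVEL1 and holder.level == LEVEL2:
                result = f"allowed: cut off {holder.user}"
            else:
                return "failed: port occupied"
        self.port[target] = Session(user, claimed_level, now + self.max_seconds)
        return result
```

Verification runs before the port check, so a request with mismatched rights can never pre-empt an existing session.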
CNB2007101539989A 2007-08-24 2007-09-18 Safe intercommunication method and apparatus between two isolated networks Expired - Fee Related CN100518127C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007101539989A CN100518127C (en) 2007-08-24 2007-09-18 Safe intercommunication method and apparatus between two isolated networks

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200710045238.6 2007-08-24
CNA2007100452386A CN101106511A (en) 2007-08-24 2007-08-24 A secure intercommunication method and device between two independent networks
CNB2007101539989A CN100518127C (en) 2007-08-24 2007-09-18 Safe intercommunication method and apparatus between two isolated networks

Publications (2)

Publication Number Publication Date
CN101132344A true CN101132344A (en) 2008-02-27
CN100518127C CN100518127C (en) 2009-07-22

Family

ID=39129475

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007101539989A Expired - Fee Related CN100518127C (en) 2007-08-24 2007-09-18 Safe intercommunication method and apparatus between two isolated networks

Country Status (1)

Country Link
CN (1) CN100518127C (en)

Also Published As

Publication number Publication date
CN100518127C (en) 2009-07-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090722