CN106992976B - Network security management method and server - Google Patents

Network security management method and server

Info

Publication number
CN106992976B
Authority
CN
China
Prior art keywords
processing file
authority
authority processing
request
hardware module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710183238.6A
Other languages
Chinese (zh)
Other versions
CN106992976A (en)
Inventor
张奇伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Events
Application filed by Lenovo Beijing Ltd
Priority to CN201710183238.6A
Publication of CN106992976A
Application granted
Publication of CN106992976B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention discloses a network security management method and a server. The method comprises the following steps: when a request in which a principal uses an authority processing file is detected, acquiring the authority processing file; sending the authority processing file to a trusted encryption hardware module, so that the trusted encryption hardware module performs a decryption operation on it; and responding to the request of the principal using the decrypted authority processing file. According to this technical scheme, the authority processing file is decrypted by the trusted encryption hardware module, so the authority is verified whenever a principal invokes the authority processing file, and network security is improved.

Description

Network security management method and server
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a network security management method and a server.
Background
Currently, a typical big data system uses a user authority management module to manage the authority of users. For the security control of authority by the authority management module, the security mechanism of the database itself is generally relied upon; for example, security verification is performed by logging in to the database with a user name and password. Typically, the database user name and password used by the authority management module are kept in the database configuration file in the clear. Once the configuration file is read by an illegal user, that user can log in to the database directly and modify the authority processing file stored there, and by then accessing the authority management module can threaten the data security of the whole big data system.
Disclosure of Invention
In view of the above, the present invention provides a network security management method and a server that encrypt the authority processing file.
In order to achieve the above object, the present invention provides a network security management method, including:
when a request in which a principal uses an authority processing file is detected, acquiring the authority processing file;
sending the authority processing file to a trusted encryption hardware module, so that the trusted encryption hardware module performs a decryption operation on the authority processing file;
and responding to the request of the principal using the decrypted authority processing file.
Preferably, the method further comprises:
when the authority processing file is sent, calling the trusted encryption hardware module to encrypt the authority processing file.
Preferably, before the trusted encryption hardware module performs the decryption operation on the authority processing file, the method further includes:
obtaining a first judgment result according to the identity authentication information of the request;
and when the first judgment result shows that the request has legal identity authentication information, the trusted encryption hardware module performs the decryption operation on the authority processing file.
Preferably, the method further comprises:
verifying the access authority of the request to obtain a second judgment result;
and responding to the request according to the access authority of the principal when the second judgment result shows that the request has the access authority.
The invention also provides a network security management method, which comprises the following steps:
when it is detected that a principal sends an operation request for an authority processing file, performing an authentication operation on the principal;
sending an operation response for the authority processing file to the principal according to the authentication information of the principal obtained by the authentication operation;
sending the authority processing file, after the principal's operation, to a trusted encryption hardware module, so that the trusted encryption hardware module performs an encryption operation on the authority processing file, and storing it.
Preferably, performing the authentication operation on the principal includes:
sending the authority processing file to a trusted encryption hardware module;
the trusted encryption hardware module performing a decryption operation on the authority processing file;
and performing the authentication operation using the decrypted authority processing file.
Preferably, sending the operation response for the authority processing file to the principal includes:
performing a decryption operation on the authority processing file;
operating on the authority processing file according to the content of the operation request;
and sending the operation result to the principal.
The present invention also provides a server comprising:
a processor configured to, when a request in which a principal uses an authority processing file is detected, acquire the authority processing file and send it to the trusted encryption hardware module;
a trusted encryption hardware module configured to decrypt the authority processing file;
wherein the processor is further configured to respond to the request of the principal with the decrypted authority processing file.
Preferably:
the processor is further configured to call the trusted encryption hardware module to encrypt the authority processing file when the authority processing file is sent.
Preferably:
the processor is further configured to, before the trusted encryption hardware module performs the decryption operation on the authority processing file, obtain a first judgment result according to the identity authentication information of the request, and, when the first judgment result shows that the request has legal identity authentication information, have the trusted encryption hardware module perform the decryption operation on the authority processing file.
Compared with the prior art, the invention has the following beneficial effect: according to this technical scheme, the authority processing file is decrypted by the trusted encryption hardware module, so the authority is verified whenever a principal invokes the authority processing file, and network security is improved.
Drawings
FIG. 1 is a flowchart of a first embodiment of a network security management method according to the present invention;
FIG. 2 is a schematic view of an application scenario of the network security management method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a third embodiment of a network security management method according to the present invention;
FIG. 4 is a schematic diagram of a server according to a first embodiment of the present invention.
Detailed Description
Various aspects and features of the disclosure are described herein with reference to the drawings.
It will be understood that various modifications may be made to the embodiments disclosed herein. Accordingly, the foregoing description should not be construed as limiting, but merely as exemplifications of embodiments. Other modifications will occur to those skilled in the art within the scope and spirit of the disclosure.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the disclosure and, together with a general description of the disclosure given above, and the detailed description of the embodiments given below, serve to explain the principles of the disclosure.
These and other characteristics of the invention will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It should also be understood that, although the invention has been described with reference to some specific examples, a person of skill in the art shall certainly be able to achieve many other equivalent forms of the invention, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present disclosure will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present disclosure are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely examples of the disclosure, which may be embodied in various forms. Well-known and/or repeated functions and structures have not been described in detail so as not to obscure the present disclosure with unnecessary detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present disclosure in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the disclosure.
Current big data clusters are provided with authority management modules, which use a mainstream database to store the authority processing files of the principals in the cluster. The data security of the authority processing files of the principals stored in the cluster therefore becomes important. When a principal wants to log in to the database, identity authentication can be performed with a user name and password, but these are usually stored in the authority processing file in plaintext; if the authority processing file is read by a third party and illegal data access follows, network security is endangered. To solve the above problems, embodiments of the present invention provide a method and an apparatus for network security management; in order to make the invention more comprehensible, its features and technical content are described in detail below with reference to the accompanying drawings, which are provided for illustration and are not intended to limit the invention.
Example one
This embodiment provides a network security management method that is specifically applied to a big data cluster in which a plurality of principals are arranged; the principals can be servers, and the principals can communicate with each other. When the management platform of the cluster manages the authority of each principal, the authority processing files of the principals are mainly stored in the database, and when any principal wants to use an authority processing file for an operation, the authority processing file needs to be verified. When a server detects a request in which a principal uses an authority processing file, it acquires the authority processing file and sends it to a trusted encryption hardware module; the trusted encryption hardware module performs a decryption operation on the authority processing file; and if the authority processing file can be decrypted, the principal has the requested authority and the server responds to the request. Because the trusted encryption hardware module is arranged locally, even if an illegal user obtains the authority processing file, it cannot be decrypted and cannot be used for any other operation. A principal therefore needs both the authority to log in to the database and the authority to operate on the authority processing file, and network security is improved.
FIG. 1 is a flowchart of a first embodiment of the network security management method of the present invention. As shown in FIG. 1, the network security management method of this embodiment may specifically include the following steps:
S101: when a request in which a principal uses an authority processing file is detected, acquire the authority processing file.
The execution subject of this embodiment is any server in the cluster. When the server detects that a principal uses an authority processing file to send a request, the authority processing file needs to be verified.
S102: send the authority processing file to a trusted encryption hardware module, so that the trusted encryption hardware module performs a decryption operation on the authority processing file.
All servers in the cluster of this embodiment comply with this verification rule by convention. After the server obtains the authority processing file, it sends the file to the trusted encryption hardware module for decryption; if decryption succeeds, the principal has the authority to send the request to the server. At the same time, the server can obtain the other operation authorities of the principal from the content of the decrypted authority processing file and respond to the principal according to those authorities.
The authority processing file may include authorization data stored in a database.
The trusted encryption hardware module can be a Trusted Cryptography Module (TCM), a microcontroller that stores keys, passwords and data certificates, so that data stored in the computer is protected from external software attack or physical theft.
S103: respond to the request of the principal using the decrypted authority processing file.
Specifically, if the authority processing file used by the principal can be decrypted, the principal has the authority to send the request to the server. The server can then process the content of the decrypted authority processing file and respond to the principal with the corresponding authority. For example, if the authority processing file states that the principal has the authority to modify the authorization data in the server's database, the server may respond to the modification request of the principal.
In one application scenario, shown in FIG. 2, a cluster contains a principal A and a server B, and server B has a database C. Principal A sends a request to server B to modify data stored in database C. Server B first performs identity verification on principal A; after principal A passes identity verification, server B verifies the authority processing file used by principal A, that is, sends the authority processing file to the trusted encryption hardware module for decryption, and the decrypted authority processing file yields the authorization data of principal A. Server B therefore decrypts according to the authorization data of principal A; if decryption succeeds, the authorization data has passed the authority verification and can be modified or deleted.
The trusted encryption hardware module of this embodiment is a hardware module arranged locally, so decrypting the authority processing file requires calling the trusted encryption hardware module locally. That is, even if an illegal user obtains the authority processing file, the user cannot call the server's trusted encryption module to decrypt it and thus cannot obtain the authority described in the file. Network security is thereby protected.
According to this technical scheme, the authority processing file is decrypted by the trusted encryption hardware module, so the authority is verified whenever a principal invokes the authority processing file, and network security is improved.
Example two
Based on the method described in the first embodiment, this embodiment gives several specific ways of verifying the principal.
In the first mode, before the server calls the trusted encryption hardware module to decrypt the authority processing file, the server also performs identity verification on the received request to determine whether the request is legal: a first judgment result is obtained from the identity authentication information of the request, and when the first judgment result shows that the request has legal identity authentication information, the trusted encryption hardware module performs the decryption operation on the authority processing file. For example, in one application scenario the request has timed out, and the server may then decline to respond to the timed-out request.
In the second mode, after judging that the request is legal, the server also judges whether the request has access authority, that is, verifies the access authority of the request to obtain a second judgment result, and responds to the request according to the access authority of the principal when the second judgment result shows that the request has access authority. For example, in another application scenario, if the server determines that the IP address from which the request was sent is not legal, the server may not respond to the request; if the request has legal authentication information and the IP address is legal, the server responds to the content of the request accordingly.
Further, before sending a request to a server using the authority processing file, the principal calls the trusted encryption hardware module to encrypt the authority processing file when sending it.
Specifically, to ensure network security, the principal needs to call a local trusted encryption hardware module to perform an encryption operation on the authority processing file before sending the request to the server.
According to this technical scheme, the authority processing file is decrypted by the trusted encryption hardware module, so the authority is verified whenever a principal invokes the authority processing file, and network security is improved.
Example three
This embodiment provides a network security management method that is specifically applied to a big data cluster in which a plurality of principals are arranged; the principals can be servers, and the principals can communicate with each other. When the management platform of the cluster manages the authority of each principal, the authority processing files of the principals are mainly stored in the database, and when any principal wants to use an authority processing file for an operation, the authority processing file needs to be verified. When a server detects a request in which a principal uses an authority processing file, it acquires the authority processing file and sends it to a trusted encryption hardware module; the trusted encryption hardware module performs a decryption operation on the authority processing file; and if the authority processing file can be decrypted, the principal has the requested authority and the server responds to the request. Correspondingly, on the principal side, before the authority processing file is sent, corresponding encryption processing needs to be performed on it to ensure its security.
FIG. 3 is a flowchart of a third embodiment of the network security management method of the present invention. As shown in FIG. 3, the network security management method of this embodiment may specifically include the following steps:
S301: when it is detected that a principal sends an operation request for the authority processing file, perform an authentication operation on the principal.
Specifically, the execution subject in this embodiment may be any principal in the cluster; that is, one principal may acquire the authority processing file from another principal and perform the operation, or may acquire it locally and perform the operation, which is not limited here. To ensure the security of the authority processing file, when a principal sends a request, the principal may be authenticated first.
S302: according to the authentication information of the principal obtained by the authentication operation, send an operation response for the authority processing file to the principal.
Specifically, the authentication information of the principal can be obtained from the authentication operation; if the authentication information indicates that the principal has access authority, the operation on the authority processing file is responded to. If the authentication information indicates that the principal does not have access authority, the operation on the authority processing file may be left unanswered.
S303: send the authority processing file, after the principal's operation, to a trusted encryption hardware module, so that the trusted encryption hardware module performs an encryption operation on the authority processing file, and store it.
Specifically, the trusted encryption hardware module is a Trusted Cryptography Module (TCM), a microcontroller that stores keys, passwords and data certificates, so that data stored in the computer is protected from external software attack or physical theft. The module is arranged locally, that is, the encryption and decryption operations on the authority processing file are performed locally; even if an illegal user obtains the authority processing file, the user cannot perform the encryption and decryption operations on it.
In a specific embodiment, a specific manner of performing the authentication operation on the principal is provided, comprising the following steps: A, sending the authority processing file to a trusted encryption hardware module; B, the trusted encryption hardware module performing a decryption operation on the authority processing file; and C, performing the authentication operation using the decrypted authority processing file. In an application scenario, the authority processing file contains authorization data corresponding to principal A. When principal A uses the authorization data or performs a modification or deletion operation on it, the authority processing file is sent to the trusted encryption hardware module, which performs a decryption operation on it; if decryption succeeds, principal A has the corresponding authority.
In another specific embodiment, a specific manner of sending the operation response for the authority processing file to the principal is provided, comprising the following steps: D, performing a decryption operation on the authority processing file; E, operating on the authority processing file according to the content of the operation request; and F, sending the operation result to the principal. In an application scenario, principal A wants to modify data stored in the database of principal B and uses an authority processing file when sending the modification request. Principal B first performs a decryption operation on the authority processing file; if decryption succeeds, then according to the authority of principal A, and if A has the authority to modify the data stored in the database, principal B responds to principal A with the modification result, for example an operation result indicating that the modification succeeded.
According to this technical scheme, the authority processing file is decrypted by the trusted encryption hardware module, so the authority is verified whenever a principal invokes the authority processing file, and network security is improved.
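The flows above, the server-side checks of Examples one and two (timed-out request, illegal source address, decryption by the local module, response according to the decrypted authority) and the encrypt-operate-store flow of Example three, as one added simulation that is not code from the patent. The TrustedModuleStub standing in for the TCM, the shared key provisioned to both modules, the JSON layout of the authority processing file and the address and timeout values are assumptions made for this example.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional


class TrustedModuleStub:
    """Stand-in for the local trusted encryption hardware module (TCM): the key
    never leaves the object. Encrypt-then-MAC over an HMAC keystream is used
    only so the sample runs on the standard library (assumption, not the patent)."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key if key is not None else secrets.token_bytes(32)

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, block = b"", 0
        while len(out) < length:
            msg = b"enc" + nonce + block.to_bytes(4, "big")
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            block += 1
        return out[:length]

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        keystream = self._keystream(nonce, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
        tag = hmac.new(self._key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def decrypt(self, blob: bytes) -> Optional[bytes]:
        # None means the file was not produced under this module's key or was altered.
        if len(blob) < 48:
            return None
        nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        keystream = self._keystream(nonce, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, keystream))


class ClusterServer:
    """Server B of FIG. 2: owns database C and a local trusted module."""

    def __init__(self, tcm: TrustedModuleStub, legal_ips, max_age: float = 30.0) -> None:
        self.tcm = tcm
        self.legal_ips = set(legal_ips)
        self.max_age = max_age
        self.database = {}
        self.stored_files = {}  # principal -> re-encrypted authority processing file (S303)

    def handle(self, request: dict, now: float) -> dict:
        # Example two, first mode: identity authentication info of the request (timeout).
        if now - request["timestamp"] > self.max_age:
            return {"status": "rejected", "reason": "request timed out"}
        # Example two, second mode: access authority of the request (source address).
        if request["source_ip"] not in self.legal_ips:
            return {"status": "rejected", "reason": "source address not legal"}
        # S102: only the local module can decrypt; a stolen or foreign file fails here.
        plaintext = self.tcm.decrypt(request["rights_file"])
        if plaintext is None:
            return {"status": "rejected", "reason": "rights file failed decryption"}
        rights = json.loads(plaintext)
        if rights.get("principal") != request["principal"]:
            return {"status": "rejected", "reason": "rights file belongs to another principal"}
        # S103: respond according to the authority described in the decrypted file.
        op = request["operation"]
        if op not in rights.get("allowed", []):
            return {"status": "rejected", "reason": "no authority for " + op}
        if op == "modify":
            self.database[request["key"]] = request["value"]
        elif op == "delete":
            self.database.pop(request["key"], None)
        # S303: the file never rests in the clear; re-encrypt with the local module and store.
        self.stored_files[request["principal"]] = self.tcm.encrypt(plaintext)
        return {"status": "ok", "operation": op}


def build_scenario():
    """Constructed sample: principal A and server B whose modules share one key (assumption)."""
    cluster_key = secrets.token_bytes(32)
    principal_tcm = TrustedModuleStub(cluster_key)
    server = ClusterServer(TrustedModuleStub(cluster_key), legal_ips={"10.0.0.5"})
    # Principal A encrypts its authority processing file locally before sending (Example two).
    rights = {"principal": "A", "allowed": ["modify", "delete"]}
    rights_file = principal_tcm.encrypt(json.dumps(rights).encode())
    return server, rights_file


def make_request(rights_file: bytes, timestamp: float, operation: str = "modify",
                 source_ip: str = "10.0.0.5", principal: str = "A") -> dict:
    """Constructed request from principal A carrying its authority processing file."""
    return {"principal": principal, "source_ip": source_ip, "timestamp": timestamp,
            "operation": operation, "key": "row1", "value": "new", "rights_file": rights_file}
```

A file encrypted by a module with a different key, or altered in transit, fails the tag check and is rejected before any authority in it is read.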
Example four
This embodiment provides a server, which is a server in a cluster. When the principals in the cluster communicate, in order to improve network security, the communication between principals requires authentication, and when a principal sends an operation request for data, the authority processing file of the principal must also be verified. Further, as shown in FIG. 4, the server includes:
a processor 41 configured to, when a request in which a principal uses an authority processing file is detected, obtain the authority processing file and send it to the trusted encryption hardware module;
a trusted encryption hardware module 42 configured to perform a decryption operation on the authority processing file;
wherein the processor is further configured to respond to the request of the principal with the decrypted authority processing file.
In a specific embodiment, the processor 41 is further configured to call the trusted encryption hardware module to encrypt the authority processing file when the authority processing file is sent.
In another specific embodiment, the processor 41 is further configured to, before the trusted encryption hardware module performs the decryption operation on the authority processing file, obtain a first judgment result according to the identity authentication information of the request, and, when the first judgment result shows that the request has legal identity authentication information, have the trusted encryption hardware module perform the decryption operation on the authority processing file.
Here it should be noted that the description of the electronic device embodiment is similar to the description of the method and has the same beneficial effects as the method embodiment, so it is not repeated. For technical details not disclosed in the electronic device embodiment of the present invention, those skilled in the art should refer to the description of the method embodiment; for brevity, the detailed description is not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a mobile storage device, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Here, it should be noted that: the description of the electronic device embodiment is similar to the description of the method embodiment and has the same beneficial effects, so it is not repeated. For technical details not disclosed in the electronic device embodiment of the present invention, those skilled in the art should refer to the description of the method embodiment of the present invention; for the sake of brevity, the detailed description is not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (8)

1. A network security management method, comprising:
when it is detected that a subject sends a request to use a permission processing file, acquiring the permission processing file, wherein the permission processing file comprises authorization data stored in a database;
sending the permission processing file to a trusted encryption hardware module, so that the trusted encryption hardware module performs a decryption operation on the permission processing file; and
responding to the request of the subject using the decrypted permission processing file;
wherein, before the trusted encryption hardware module performs the decryption operation on the permission processing file, the method further comprises:
obtaining a first judgment result according to the identity authentication information of the request; and
when the first judgment result shows that the request carries legal identity authentication information, the trusted encryption hardware module performing the decryption operation on the permission processing file.
2. The method of claim 1, further comprising:
when the permission processing file is sent, calling the trusted encryption hardware module to encrypt the permission processing file.
3. The method of claim 1, further comprising:
verifying the access authority of the request to obtain a second judgment result; and
when the second judgment result shows that the request has the access authority, responding to the request according to the access authority of the subject.
4. A network security management method, comprising:
when it is detected that a subject sends an operation request for a permission processing file, performing an authentication operation on the subject, wherein the permission processing file comprises authorization data stored in a database;
sending an operation response for the permission processing file to the subject according to the authentication information of the subject obtained by the authentication operation; and
sending the permission processing file operated on by the subject to a trusted encryption hardware module, so that the trusted encryption hardware module performs an encryption operation on the permission processing file, and storing it.
5. The method of claim 4, wherein performing the authentication operation on the subject comprises:
sending the permission processing file to the trusted encryption hardware module;
the trusted encryption hardware module performing a decryption operation on the permission processing file; and
performing the authentication operation using the decrypted permission processing file.
6. The method of claim 4, wherein sending the operation response for the permission processing file to the subject comprises:
invoking a decryption operation on the permission processing file;
operating on the permission processing file according to the content of the operation request; and
sending the operation result to the subject.
7. A server, comprising:
a processor configured to, when it is detected that a subject sends a request to use a permission processing file, acquire the permission processing file and send it to a trusted encryption hardware module, wherein the permission processing file comprises authorization data stored in a database; and
the trusted encryption hardware module, configured to decrypt the permission processing file;
wherein the processor is further configured to respond to the request of the subject using the decrypted permission processing file; and
the processor is further configured to: before the trusted encryption hardware module performs the decryption operation on the permission processing file, obtain a first judgment result according to the identity authentication information of the request, and, when the first judgment result shows that the request carries legal identity authentication information, have the trusted encryption hardware module perform the decryption operation on the permission processing file.
8. The server of claim 7, wherein:
the processor is further configured to call the trusted encryption hardware module to encrypt the permission processing file when the permission processing file is sent.
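The following is an added illustration of the read path (claims 1 to 3 and 7) and the write path (claims 4 to 6 and 8) as one small simulation; it is example code written for this page, not code from the patent or from Lenovo. The trusted encryption hardware module is modelled as a class whose key is generated internally and never handed to the server; the "database" is a dict; the identity table, the role check on edits, the resource names and the tokens are all constructed assumptions (the claims say nothing about roles). The cipher inside the module is a stdlib-only stand-in (SHA-256 keystream plus an HMAC tag) so the example runs offline; a real module would use an authenticated cipher inside tamper-resistant hardware.

```python
import hashlib
import hmac
import json
import os


class TrustedEncryptionModule:
    """Stand-in for the claims' trusted encryption hardware module (assumption).

    The key is created inside the module and is never returned: the server only
    ever sees ciphertext blobs and, after an identity check, decrypted plaintext.
    """

    NONCE_LEN = 16
    TAG_LEN = 32

    def __init__(self) -> None:
        self._key = os.urandom(32)  # stays inside the module

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Constructed keystream for the demo only; not a real cipher.
        out, counter = b"", 0
        while len(out) < length:
            out += hashlib.sha256(self._key + nonce + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:length]

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(self.NONCE_LEN)
        body = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob: bytes) -> bytes:
        nonce, body, tag = blob[:self.NONCE_LEN], blob[self.NONCE_LEN:-self.TAG_LEN], blob[-self.TAG_LEN:]
        expected = hmac.new(self._key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # tampered blob or wrong key
            raise ValueError("permission processing file failed integrity check")
        return bytes(c ^ k for c, k in zip(body, self._keystream(nonce, len(body))))


class NetworkSecurityServer:
    """Models the server of claims 7 and 8: the processor never holds the key."""

    def __init__(self, module, identities, initial_permissions):
        self.module = module
        self.identities = identities  # constructed: token -> (subject, role)
        # Claims 1 and 2: authorization data lives in a database, stored encrypted.
        self.database = {"permission_file": module.encrypt(json.dumps(initial_permissions).encode())}

    def _authenticate(self, request):
        """First judgment result (claim 1): identity info for the request, or None."""
        return self.identities.get(request.get("token"))

    def _load_permissions(self):
        """Hands the stored file to the module for decryption (claims 1 and 5)."""
        return json.loads(self.module.decrypt(self.database["permission_file"]))

    def handle_use_request(self, request):
        """Claims 1 and 3: a subject asks to use the permission file for a resource."""
        identity = self._authenticate(request)
        if identity is None:  # decryption is only reached with legal identity info
            return {"status": "denied", "reason": "identity authentication failed"}
        subject, _role = identity
        try:
            permissions = self._load_permissions()
        except ValueError as exc:
            return {"status": "error", "reason": str(exc)}
        # Second judgment result (claim 3): does the subject hold the access authority?
        if request.get("resource") in permissions.get(subject, []):
            return {"status": "ok", "subject": subject, "resource": request["resource"]}
        return {"status": "denied", "reason": "no access authority"}

    def handle_operation_request(self, request):
        """Claims 4 and 6: an authenticated subject edits the file; it is re-encrypted and stored."""
        identity = self._authenticate(request)
        if identity is None:
            return {"status": "denied", "reason": "identity authentication failed"}
        subject, role = identity
        if role != "admin":  # assumption: only an admin role may edit (not in the claims)
            return {"status": "denied", "reason": "operation not permitted for role"}
        try:
            permissions = self._load_permissions()
        except ValueError as exc:
            return {"status": "error", "reason": str(exc)}
        granted = permissions.setdefault(request.get("target", ""), [])
        if request.get("op") == "grant" and request["resource"] not in granted:
            granted.append(request["resource"])
        elif request.get("op") == "revoke" and request["resource"] in granted:
            granted.remove(request["resource"])
        elif request.get("op") not in ("grant", "revoke"):
            return {"status": "denied", "reason": "unknown operation"}
        # Claim 4: the operated file goes back through the module and is stored encrypted.
        self.database["permission_file"] = self.module.encrypt(json.dumps(permissions).encode())
        return {"status": "ok", "by": subject, "permissions": permissions}


def demo():
    """Constructed walk-through; returns the observable outcomes of each step."""
    identities = {"tok-alice": ("alice", "user"), "tok-bob": ("bob", "user"), "tok-ops": ("ops", "admin")}
    server = NetworkSecurityServer(TrustedEncryptionModule(), identities, {"alice": ["/reports"]})
    results = {
        "alice_read": server.handle_use_request({"token": "tok-alice", "resource": "/reports"})["status"],
        "bob_read_before": server.handle_use_request({"token": "tok-bob", "resource": "/reports"})["status"],
        "no_identity": server.handle_use_request({"token": "bogus", "resource": "/reports"})["reason"],
        "bob_edit": server.handle_operation_request({"token": "tok-bob", "op": "grant", "target": "bob", "resource": "/reports"})["status"],
        "ops_grant": server.handle_operation_request({"token": "tok-ops", "op": "grant", "target": "bob", "resource": "/reports"})["status"],
    }
    results["bob_read_after"] = server.handle_use_request({"token": "tok-bob", "resource": "/reports"})["status"]
    results["stored_encrypted"] = b"/reports" not in server.database["permission_file"]
    blob = bytearray(server.database["permission_file"])
    blob[20] ^= 0x01  # simulate tampering with the stored file
    server.database["permission_file"] = bytes(blob)
    results["tampered"] = server.handle_use_request({"token": "tok-alice", "resource": "/reports"})["status"]
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The ordering in `handle_use_request` is the security point the claims make: the encrypted file is handed to the module only after the first judgment result is positive, so an unauthenticated request never triggers a decryption, and a stored blob that fails the module's integrity check is reported rather than used.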
CN201710183238.6A 2017-03-24 2017-03-24 Network security management method and server Active CN106992976B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710183238.6A CN106992976B (en) 2017-03-24 2017-03-24 Network security management method and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710183238.6A CN106992976B (en) 2017-03-24 2017-03-24 Network security management method and server

Publications (2)

Publication Number Publication Date
CN106992976A CN106992976A (en) 2017-07-28
CN106992976B true CN106992976B (en) 2020-08-25

Family

ID=59413448

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710183238.6A Active CN106992976B (en) 2017-03-24 2017-03-24 Network security management method and server

Country Status (1)

Country Link
CN (1) CN106992976B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281141A (en) * 2011-07-26 2011-12-14 成都市华为赛门铁克科技有限公司 Document permission management method, apparatus and system
CN103034788A (en) * 2011-10-10 2013-04-10 上海无戒空间信息技术有限公司 Verification method and system of electronic readings, server, client and terminal
CN103281185A (en) * 2013-05-08 2013-09-04 深圳创维数字技术股份有限公司 Method and system for controlling resource access of terminal
CN103780581A (en) * 2012-10-23 2014-05-07 江南大学 Cloud storage-based encrypted file access control system and method
CN104023012A (en) * 2014-05-30 2014-09-03 北京金山网络科技有限公司 Method, device and system for scheduling service in cluster
CN104580250A (en) * 2015-01-29 2015-04-29 成都卫士通信息产业股份有限公司 System and method for authenticating credible identities on basis of safety chips
CN105574429A (en) * 2015-11-30 2016-05-11 东莞酷派软件技术有限公司 File data encryption and decryption method and device and terminal
CN106250731A (en) * 2016-07-21 2016-12-21 广东芬尼克兹节能设备有限公司 A kind of user authority control method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7047416B2 (en) * 1998-11-09 2006-05-16 First Data Corporation Account-based digital signature (ABDS) system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281141A (en) * 2011-07-26 2011-12-14 成都市华为赛门铁克科技有限公司 Document permission management method, apparatus and system
CN103034788A (en) * 2011-10-10 2013-04-10 上海无戒空间信息技术有限公司 Verification method and system of electronic readings, server, client and terminal
CN103780581A (en) * 2012-10-23 2014-05-07 江南大学 Cloud storage-based encrypted file access control system and method
CN103281185A (en) * 2013-05-08 2013-09-04 深圳创维数字技术股份有限公司 Method and system for controlling resource access of terminal
CN104023012A (en) * 2014-05-30 2014-09-03 北京金山网络科技有限公司 Method, device and system for scheduling service in cluster
CN104580250A (en) * 2015-01-29 2015-04-29 成都卫士通信息产业股份有限公司 System and method for authenticating credible identities on basis of safety chips
CN105574429A (en) * 2015-11-30 2016-05-11 东莞酷派软件技术有限公司 File data encryption and decryption method and device and terminal
CN106250731A (en) * 2016-07-21 2016-12-21 广东芬尼克兹节能设备有限公司 A kind of user authority control method and system

Also Published As

Publication number Publication date
CN106992976A (en) 2017-07-28

Similar Documents

Publication Publication Date Title
JP5860815B2 (en) System and method for enforcing computer policy
EP2956852B1 (en) Data security service
CN106612180B (en) Method and device for realizing session identification synchronization
WO2016141856A1 (en) Verification method, apparatus and system for network application access
WO2020000786A1 (en) Voting method and apparatus, and computer device and computer readable storage medium
CN109361668A (en) A kind of data trusted transmission method
KR20190067803A (en) Systems and methods for device authentication
CA2899027C (en) Data security service
CN102271037A (en) Key protectors based on online keys
US10237057B2 (en) Method and system for controlling the exchange of privacy-sensitive information
CN110505055B (en) External network access identity authentication method and system based on asymmetric key pool pair and key fob
CN106992978B (en) Network security management method and server
US20170201528A1 (en) Method for providing trusted service based on secure area and apparatus using the same
CN110519222B (en) External network access identity authentication method and system based on disposable asymmetric key pair and key fob
WO2022052665A1 (en) Wireless terminal and interface access authentication method for wireless terminal in uboot mode
CN112261103A (en) Node access method and related equipment
US20190065770A1 (en) Credentialed encryption
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
WO2018121394A1 (en) Mobile terminal, alarm information acquisition and sending method and device
KR20110128371A (en) Mobile authentication system and central control system, and the method of operating them for mobile clients
CN106992976B (en) Network security management method and server
CN108985079B (en) Data verification method and verification system
CN111669746A (en) Protection system for information security of Internet of things
CN115529194B (en) Data management method, system, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant