CN109450959A - A kind of multiple-factor identity identifying method based on threat level - Google Patents
- Publication number
- CN109450959A
- Authority
- CN
- China
- Prior art keywords
- authentication
- threat
- factor
- certification
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a multi-factor identity authentication method based on threat level, carried out in the following steps: establish an identity authentication model; perform business activity threat analysis; generate an authentication policy; perform security authentication. Addressing the shortcomings of current identity authentication approaches, the invention provides a multi-factor identity authentication method based on threat level, in which the corresponding identity authentication policy is formulated according to the different security threat levels found in the application scenario. According to the authentication policy, it proposes a multi-factor identity authentication model with a flexible mechanism; the model uses a modular design, so modules can be replaced flexibly as needed. Based on the parameter weights in the authentication policy, it proposes an authentication template method that jointly considers threat level, authentication strength, computation cost, time, convenience and other factors, adaptively and dynamically selects the corresponding authentication modules, and, through standard interface design and integration, flexibly composes multi-factor identity authentication that meets the requirements of different security levels.
Description
Technical field
The present invention relates to identity authentication, and in particular to a multi-factor identity authentication method based on threat level.
Background
With the rapid development of cyberspace technologies, the security situation is becoming increasingly severe. Research has found that 81.1% of security incidents are related to identity, and activities such as identity theft, sabotage and identity forgery are increasingly frequent. In traditional network authentication methods, however, the authentication mode used is often single and simple. Faced with growing network computing power and a wide variety of network attacks, it carries considerable security risk, and some existing security solutions are increasingly unable to meet current security application requirements. Therefore, since identity authentication is a key component and security cornerstone of information systems, more efficient and secure identity authentication techniques and mechanisms need to be developed, in order to ensure and strengthen the security of information systems and to provide users with secure and convenient identity authentication services.
Authentication, also called identification, verification or confirmation, includes identity authentication and message authentication. Verifying whether the identity claimed by an entity is genuine is called identity authentication; it assures the authenticating party that it is communicating with the intended entity. Verifying the source of data and the integrity of a message is called message authentication, also known as data origin authentication; it ensures that data is not tampered with, replayed or delayed during transmission and storage. Authentication is the foundation of confidentiality, integrity and availability.
There are many ways to authenticate a user's identity, in three main categories: first, proving identity by information the user knows, such as a username and password, PIN, gesture password or geographical location; second, proving identity by something the user has, such as an identity card, driving license, passport, PKI digital certificate, credit card, hardware dynamic token or smart card; third, proving identity by biometric characteristics of the user, such as physiological features like iris, fingerprint, voiceprint, palm print, face shape, DNA and veins, and behavioral features like gait, signature and keystrokes.
First, in existing identity authentication schemes, the single account-and-password authentication mode is widely used. A password is a string of static data set by the user. Even if techniques such as hashed storage or salted (Salt) encrypted storage are used on the back end, the password is easily intercepted and cracked by attackers in other stages of the authentication process, with security risks such as theft, brute-force cracking and replay attacks; once the password is leaked, the user may be impersonated by an illegitimate node. In addition, when a user has multiple accounts and passwords, the passwords need to be changed periodically, which increases the complexity of operation and maintenance for the user.
Second, in the PKI/CA public key infrastructure authentication mode, a certification authority (Certificate Authority, CA) may issue fraudulent certificates, which brings the risk of man-in-the-middle attacks. For example, in 2011 the DigiNotar CA issued a fraudulent certificate for Google, and the certificate was used in attempted man-in-the-middle attacks against Google users. Such behavior can jeopardize the security of the whole system.
Third, in some existing schemes the authentication mode is fixed at design time or at user registration, without considering future changes in the system's complex application environment or the user experience, so the authentication mode is inflexible. As the application environment that systems face grows more complex, security policies need to be adjusted flexibly. For example, in the Fast Identity Online (FIDO) scheme, the specific authentication method is determined at the user registration stage, usually by selecting and fixing one biometric or hardware-device authentication method while retaining password verification.
Therefore, most existing schemes use single-factor or fixed multi-factor authentication methods, which carry certain security risks, cannot respond flexibly to security threats in different application scenarios, and cannot effectively compose identity authentication methods that meet the requirements of different security levels.
Summary of the invention
Addressing the shortcomings of current identity authentication approaches, the present invention provides a multi-factor identity authentication method based on threat level. Based on the different security threat levels in the application scenario, and on the premise of balancing usability and security overall, it sets a flexible identity authentication policy and adaptively and dynamically uses different authentication templates, achieving secure, convenient and flexible authentication. It proposes a method of formulating the corresponding identity authentication policy based on the different security threat levels in different application scenarios. According to the authentication policy, it proposes a multi-factor identity authentication model with a flexible mechanism; the model uses a modular design, which facilitates independent and controllable design of the authentication modules, and modules can be replaced flexibly as needed. Based on the parameter weights in the authentication policy, it proposes an authentication template method that jointly considers threat level, authentication strength, computation cost, time, convenience and other factors, adaptively and dynamically selects the corresponding authentication modules, and, through standard interface design and integration, flexibly composes multi-factor identity authentication that meets the requirements of different security levels.
The present invention is achieved through the following technical solution:
A multi-factor identity authentication method based on threat level, carried out in the following steps:
A. Establish an identity authentication model; the identity authentication model includes a business activity part, a threat detection and processing part, and a multi-factor identity authentication part;
B. Based on the identity authentication model, perform business activity threat analysis to form business security threat parameters;
C. According to the business security threat parameters formed, perform threat detection and processing to generate an authentication policy;
D. According to the generated authentication policy, perform security authentication.
Further, in the multi-factor identity authentication method based on threat level, the business activity part in step A is used to analyze the system architecture, security boundaries, business processes and key modules, formulate the assessment method, and identify the functional modules that require identity authentication; it performs threat identification, threat level classification and threat quantification on those modules, and provides parameters to the threat detection and processing part. The parameters include the business module number, threat level, threat likelihood, threat severity and authentication technical difficulty.
Further, in the multi-factor identity authentication method based on threat level, the specific process by which the business activity part provides parameters to the threat detection and processing part is: the parameters to be provided are quantized and described as the parameter sequence $\langle T_{id}, T_C, P, D, A \rangle$, where $T_{id}$ is the business module number, $T_C$ is the business threat level category, $P$ is the quantized threat likelihood, $D$ is the quantized threat severity, and $A$ is the quantized authentication technical complexity.
Further, in the multi-factor identity authentication method based on threat level, the threat detection and processing part in step A is used to calculate the threat quantization value $V$ of the identity authentication activity from the parameters provided by the business activity part, specifically $V = P \times D \times A$, and to select an identity authentication policy of corresponding strength according to $V$. The threat detection and processing part is also used to judge, according to the different business security threats in the application environment and in combination with the historical authentication log records in the log library, whether the current security authentication is abnormal; after comprehensive analysis it decides to use authentication modules of corresponding strength, stores the generated authentication policy in the policy library, and at the same time sends it to the multi-factor identity authentication part.
Further, in the multi-factor identity authentication method based on threat level, the authentication modules include a digital certificate authentication module, a static password authentication module, a dynamic password authentication module, a cipher authentication module, a biometric authentication module and an IC card authentication module.
Further, in the multi-factor identity authentication method based on threat level, the multi-factor authentication module in step A selects multiple authentication modules based on user experience and completes the authentication strength assessment of each authentication module; the multi-factor authentication module calls an authentication template and dynamically loads authentication modules according to the business type and authentication policy provided by the threat detection and processing module; based on the selected authentication template, the multi-factor authentication module composes the identity authentication process, then executes it, and records the authentication process log in the log library, providing a data source for threat risk analysis in subsequent identity authentication.
Further, in the multi-factor identity authentication method based on threat level, the specific process of the business activity threat analysis in step B is: analyze the business type of the user identity authentication, retrieve the security threat level that was set through prior comprehensive assessment, and form the business security threat parameters.
Further, in the multi-factor identity authentication method based on threat level, the specific process of threat detection and processing in step C is: according to the business security threat parameters formed, determine the threat level of the business, perform correlation analysis on the historical authentication operations in the log library, and formulate the authentication policy.
Further, in the multi-factor identity authentication method based on threat level, the specific process of security authentication in step D is: according to the generated authentication policy, call an authentication template to form an authentication activity sequence composed of multiple single-factor authentication modules, check and execute the authentication activity sequence in a loop, and record the authentication log in the log library.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
1. By performing risk analysis on the business system, the invention proposes a multi-factor identity authentication method based on threat level that dynamically loads authentication modules, making the authentication process flexible and fast while enhancing the security of the system; it is a secure, reliable and accurate new identity authentication method.
2. The invention focuses on security as an important research point; while strengthening system security in its design, it gives full consideration to convenience for users, so that the authentication process has a good user experience. It solves some existing technical problems and has important practical significance and application value.
3. The invention can be widely applied in the identity authentication management of all kinds of information systems.
Brief description of the drawings
The drawings described here are provided for further understanding of the embodiments of the invention and form part of this application; they do not limit the embodiments of the invention. In the drawings:
Fig. 1 is a schematic diagram of the identity authentication model proposed in the present invention;
Fig. 2 is a schematic diagram of the threat-level-based multi-factor identity authentication flow of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the embodiment and the drawings. The exemplary embodiment and its description are only used to explain the invention and are not a limitation of it.
Embodiment
A multi-factor identity authentication method based on threat level, carried out in the following steps:
A. Establish an identity authentication model; the identity authentication model includes a business activity part, a threat detection and processing part, and a multi-factor identity authentication part. Fig. 1 is a schematic diagram of the composition of the threat-level-based identity authentication model. The model mainly consists of the business activity part, the threat detection and processing part, the multi-factor identity authentication part and so on; the main functions of each part are as follows:
The business activity part is used to analyze the system architecture, security boundaries, business processes and key modules, formulate the assessment method, and identify the functional modules that require identity authentication; it performs threat identification, threat level classification and threat quantification on those modules, and provides parameters to the threat detection and processing part. The parameters include the business module number, threat level, threat likelihood, threat severity and authentication technical complexity. The specific process by which the business activity part provides parameters to the threat detection and processing part is: the parameters to be provided are quantized and described as the parameter sequence $\langle T_{id}, T_C, P, D, A \rangle$, where $T_{id}$ is the business module number, $T_C$ is the business threat level category, $P$ is the quantized threat likelihood, $D$ is the quantized threat severity, and $A$ is the quantized authentication technical complexity.
The threat detection and processing part is used to calculate the threat quantization value $V$ of the identity authentication activity from the parameters provided by the business activity part, specifically $V = P \times D \times A$, and to select an identity authentication policy of corresponding strength according to $V$. The threat detection and processing part is also used to judge, according to the different business security threats in the application environment and in combination with the historical authentication log records in the log library, whether the current security authentication is abnormal; after comprehensive analysis it decides to use authentication modules of corresponding strength, stores the generated authentication policy in the policy library, and at the same time sends it to the multi-factor identity authentication part. The authentication modules include a digital certificate authentication module, a static password authentication module, a dynamic password authentication module, a cipher authentication module, a biometric authentication module and an IC card authentication module.
The multi-factor authentication module selects multiple authentication modules based on user experience and completes the authentication strength assessment of each authentication module. According to the business type and authentication policy provided by the threat detection and processing module, the multi-factor authentication module calls an authentication template and dynamically loads authentication modules. Based on the selected authentication template, the multi-factor authentication module composes the identity authentication process, then executes it, and records the authentication process log in the log library, providing a data source for threat risk analysis in subsequent identity authentication.
As shown in Fig. 2, the processing flow of the threat-level-based multi-factor identity authentication of the present invention mainly comprises three stages: business activity threat analysis, threat detection and processing, and security authentication according to the authentication policy.
B. Based on the identity authentication model, perform business activity threat analysis to form business security threat parameters.
The specific process of the business activity threat analysis is: analyze the business type of the user identity authentication, retrieve the security threat level that was set through prior comprehensive assessment, and form the business security threat parameters.
C. According to the business security threat parameters formed, perform threat detection and processing to generate an authentication policy.
The specific process of threat detection and processing is: according to the business security threat parameters formed, determine the threat level of the business, perform correlation analysis on the historical authentication operations in the log library, and formulate the authentication policy.
D. According to the generated authentication policy, perform security authentication.
The specific process of security authentication is: according to the generated authentication policy, call an authentication template to form an authentication activity sequence composed of multiple single-factor authentication modules, check and execute the authentication activity sequence in a loop, and record the authentication log in the log library.
The invention proposes a threat-level-based multi-factor identity authentication model (Threat-Based Multi-Factor Authentication, TBMFA), which applies the corresponding authentication template according to different risks and threats and dynamically loads authentication algorithm modules. Refining from the top down through the three levels "model, template, module", it realizes adaptive multi-factor identity authentication. By processing flow it can be divided into three parts: business activity threat analysis, threat detection and processing, and multi-factor policy-based identity authentication. It improves the security of the application system while remaining convenient for users and enhancing the user experience.
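The flow of steps B to D (threat value, policy generation with log history, template selection, sequential execution with logging), as an added Python example that is not code from the patent. The 1 to 5 scales for P, D and A, the V thresholds, the per-module strength and cost figures, the minimum-factor counts and the failed-attempt anomaly rule are all assumptions; the patent does not specify them.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class ThreatParams:
    """Parameter sequence <T_id, T_C, P, D, A> supplied by the business activity part."""
    t_id: str   # business module number
    t_c: int    # business threat level category
    p: int      # threat likelihood (assumed scale 1-5)
    d: int      # threat severity (assumed scale 1-5)
    a: int      # authentication technical complexity (assumed scale 1-5)

    def threat_value(self):
        return self.p * self.d * self.a          # V = P x D x A

@dataclass(frozen=True)
class AuthModule:
    name: str
    strength: int   # assessed authentication strength (assumed figure)
    cost: int       # combined compute/time/inconvenience cost (assumed figure)

# Module kinds are those the page lists; the strength and cost figures are constructed.
MODULES = [
    AuthModule("static_password", 1, 1),
    AuthModule("dynamic_password", 2, 2),
    AuthModule("biometric", 3, 2),
    AuthModule("digital_certificate", 4, 4),
    AuthModule("ic_card", 4, 5),
]

# Assumed policy bands: (exclusive upper bound on V, total strength, minimum factors).
POLICY_BANDS = [(10, 1, 1), (40, 3, 2), (80, 5, 2), (float("inf"), 7, 3)]

def is_anomalous(log, user, window=5, max_failures=3):
    """Assumed anomaly rule: too many failures among the user's recent log entries."""
    recent = [e for e in log if e["user"] == user][-window:]
    return sum(1 for e in recent if not e["ok"]) >= max_failures

def generate_policy(params, log, user):
    """Step C: threat value plus history in the log library -> authentication policy."""
    v = params.threat_value()
    level = next(i for i, band in enumerate(POLICY_BANDS) if v < band[0])
    if is_anomalous(log, user):                  # abnormal history raises the band by one
        level = min(level + 1, len(POLICY_BANDS) - 1)
    _, strength, min_factors = POLICY_BANDS[level]
    return {"t_id": params.t_id, "v": v, "level": level,
            "strength": strength, "min_factors": min_factors}

def select_template(strength, min_factors, modules=MODULES):
    """Cheapest module combination meeting the policy; ties go to fewer, stronger factors."""
    best_key, best = None, None
    for r in range(min_factors, len(modules) + 1):
        for combo in combinations(modules, r):
            total = sum(m.strength for m in combo)
            if total < strength:
                continue
            key = (sum(m.cost for m in combo), r, -total)
            if best_key is None or key < best_key:
                best_key, best = key, combo
    if best is None:
        raise ValueError("no module combination satisfies the policy")
    return [m.name for m in best]

def authenticate(params, user, verifiers, log):
    """Step D: run the template's single-factor modules in order and log the outcome."""
    policy = generate_policy(params, log, user)
    template = select_template(policy["strength"], policy["min_factors"])
    ok = True
    for name in template:
        ok = bool(verifiers[name](user))         # caller-supplied check for each module
        if not ok:
            break                                # fail closed on the first failed factor
    log.append({"user": user, "t_id": params.t_id, "level": policy["level"],
                "template": template, "ok": ok})
    return ok, template

if __name__ == "__main__":
    log = []                                     # stands in for the log library
    always = {m.name: (lambda user: True) for m in MODULES}
    print(authenticate(ThreatParams("M01", 1, 1, 2, 2), "alice", always, log))
    print(authenticate(ThreatParams("M07", 3, 4, 5, 3), "alice", always, log))
```

Because every attempt is written back to the log, repeated failures for one user raise that user's next policy band without affecting other users.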
With the continuous development of information technology, identity authentication has evolved from the ancient practice of identifying by objects and recognizing persons to many authentication modes such as account-and-password authentication, digital certificate authentication and biometric authentication. Identity authentication has become an important technical means of determining a user's permission to access and use resources. It is of great significance for guaranteeing system and data security and preventing attackers from stealing legitimate users' information, and it is increasingly an important checkpoint for network security.
Because the account-and-password authentication mode is easy to use, low-cost and easy to change, it is now widely used, but it has some security problems. A static password is not only complex to maintain; its security also depends solely on the complexity of the password, and as network computing power keeps increasing it cannot effectively withstand network attacks such as dictionary attacks, exhaustive attacks, replay attacks and man-in-the-middle attacks. Other authentication methods also have security weaknesses; for example, in PKI/CA authentication, if the CA issues a fraudulent certificate, it brings the risk of man-in-the-middle attacks. Therefore, in the network era, a single authentication means or a simply fixed serial multi-factor method is increasingly unable to meet current security application requirements, and in some application environments a new multi-factor identity authentication method based on threat level is needed to enhance system security.
By performing risk analysis on the business system, the present invention proposes a multi-factor identity authentication method based on threat level that dynamically loads authentication modules, making the authentication process flexible and fast while enhancing the security of the system; it is a secure, reliable and accurate new identity authentication method. In the network era, security and convenience have always been in tension, and this is a focus of industry research. The invention addresses this important research point: while strengthening system security in its design, it gives full consideration to convenience for users, so that the authentication process has a good user experience. It solves some existing technical problems, has important practical significance and application value, and can be widely applied in the identity authentication management of all kinds of information systems.
The specific embodiment described above further explains the purpose, technical solution and beneficial effects of the invention in detail. It should be understood that the foregoing is only a specific embodiment of the invention and is not intended to limit its scope of protection; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (9)
1. A multi-factor identity authentication method based on threat level, characterized in that it is carried out in the following steps:
A. Establish an identity authentication model; the identity authentication model includes a business activity part, a threat detection and processing part, and a multi-factor identity authentication part;
B. Based on the identity authentication model, perform business activity threat analysis to form business security threat parameters;
C. According to the business security threat parameters formed, perform threat detection and processing to generate an authentication policy;
D. According to the generated authentication policy, perform security authentication.
2. The multi-factor identity authentication method based on threat level according to claim 1, characterized in that the business activity part in step A is used to analyze the system architecture, security boundaries, business processes and key modules, formulate the assessment method, and identify the functional modules that require identity authentication; it performs threat identification, threat level classification and threat quantification on those modules, and provides parameters to the threat detection and processing part; the parameters include the business module number, threat level, threat likelihood, threat severity and authentication technical complexity.
3. The multi-factor identity authentication method based on threat level according to claim 2, characterized in that the specific process by which the business activity part provides parameters to the threat detection and processing part is: the parameters to be provided are quantized and described as the parameter sequence $\langle T_{id}, T_C, P, D, A \rangle$, where $T_{id}$ is the business module number, $T_C$ is the business threat level category, $P$ is the quantized threat likelihood, $D$ is the quantized threat severity, and $A$ is the quantized authentication technical complexity.
4. The multi-factor identity authentication method based on threat level according to claim 2, characterized in that the threat detection and processing part in step A is used to calculate the threat quantization value $V$ of the identity authentication activity from the parameters provided by the business activity part, specifically $V = P \times D \times A$, and to select an identity authentication policy of corresponding strength according to $V$; the threat detection and processing part is also used to judge, according to the different business security threats in the application environment and in combination with the historical authentication log records in the log library, whether the current security authentication is abnormal; after comprehensive analysis it decides to use authentication modules of corresponding strength, stores the generated authentication policy in the policy library, and at the same time sends it to the multi-factor identity authentication part.
5. The multi-factor identity authentication method based on threat level according to claim 4, characterized in that the authentication modules include a digital certificate authentication module, a static password authentication module, a dynamic password authentication module, a cipher authentication module, a biometric authentication module and an IC card authentication module.
6. The multi-factor identity authentication method based on threat level according to claim 4, characterized in that the multi-factor authentication module in step A selects multiple authentication modules based on user experience and completes the authentication strength assessment of each authentication module; the multi-factor authentication module calls an authentication template and dynamically loads authentication modules according to the business type and authentication policy provided by the threat detection and processing module; based on the selected authentication template, the multi-factor authentication module composes the identity authentication process, then executes it, and records the authentication process log in the log library, providing a data source for threat risk analysis in subsequent identity authentication.
7. The multi-factor identity authentication method based on threat level according to claim 1, characterized in that the specific process of the business activity threat analysis in step B is: analyze the business type of the user identity authentication, retrieve the security threat level that was set through prior comprehensive assessment, and form the business security threat parameters.
8. The multi-factor identity authentication method based on threat level according to claim 1, characterized in that the specific process of threat detection and processing in step C is: according to the business security threat parameters formed, determine the threat level of the business, perform correlation analysis on the historical authentication operations in the log library, and formulate the authentication policy.
9. The multi-factor identity authentication method based on threat level according to claim 1, characterized in that the detailed process of performing security authentication in step D is: according to the generated authentication policy, invoke the authentication template to form an authentication activity sequence composed of multiple single-factor authentication sub-process modules, cyclically check and execute the authentication activity sequence, and at the same time record the authentication log in the log library.
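A minimal sketch of steps B to D as described in claims 7 to 9, with the log feedback of claim 6. It is an added example, not code from the patent. The service types, threat values, templates, factor names, enrolled secrets and the failure threshold are all constructed assumptions.

```python
import hmac

# All values below are constructed for illustration; the patent gives no numbers.
SERVICE_THREAT = {"view_balance": 1, "change_profile": 2, "transfer_funds": 3}
TEMPLATES = {1: ["password"], 2: ["password", "otp"],
             3: ["password", "otp", "hw_token"]}
MAX_LEVEL = max(TEMPLATES)
ENROLLED = {"alice": {"password": "pw-alice", "otp": "492817", "hw_token": "tok-77"}}


def verify_factor(user, factor, presented):
    """Single-factor sub-process: constant-time compare against the enrolled value."""
    expected = ENROLLED.get(user, {}).get(factor)
    if expected is None or presented is None:
        return False
    return hmac.compare_digest(expected.encode(), presented.encode())


def threat_level(user, service, log, window=5, max_failures=2):
    """Steps B and C: service threat parameter, raised by log correlation."""
    level = SERVICE_THREAT.get(service, MAX_LEVEL)  # unknown service: fail closed
    recent = [e for e in log if e["user"] == user][-window:]
    failures = sum(1 for e in recent if not e["ok"])
    if failures >= max_failures:
        level += 1  # repeated recent failures escalate the policy
    return min(level, MAX_LEVEL)


def authenticate(user, service, presented, log):
    """Step D: load the template for the level and run its factor sequence."""
    level = threat_level(user, service, log)
    for factor in TEMPLATES[level]:
        ok = verify_factor(user, factor, presented.get(factor))
        # Every factor check is logged so later attempts can be correlated.
        log.append({"user": user, "service": service, "level": level,
                    "factor": factor, "ok": ok})
        if not ok:
            return False, level  # stop at the first failed factor
    return True, level
```

Because failed checks are written to the same log that `threat_level` reads, two bad passwords on a low-risk service make the next attempt require a second factor.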
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910016422.0A CN109450959A (en) | 2019-01-08 | 2019-01-08 | A kind of multiple-factor identity identifying method based on threat level |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109450959A true CN109450959A (en) | 2019-03-08 |
Family
ID=65540089
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910016422.0A Pending CN109450959A (en) | 2019-01-08 | 2019-01-08 | A kind of multiple-factor identity identifying method based on threat level |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109450959A (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102420800A (en) * | 2010-09-28 | 2012-04-18 | 俞浩波 | Method, system and authentication terminal for accomplishing service by multi-factor identity authentication |
CN102510337A (en) * | 2011-12-15 | 2012-06-20 | 复旦大学 | Quantitative risk and income self-adaptive dynamic multiple-factor authentication method |
CN102799822A (en) * | 2012-07-11 | 2012-11-28 | 中国信息安全测评中心 | Software running security measurement and estimation method based on network environment |
CN105323219A (en) * | 2014-07-01 | 2016-02-10 | 腾讯科技(深圳)有限公司 | Method and device for verifying identity information of user account |
CN106453422A (en) * | 2016-12-08 | 2017-02-22 | 上海众人网络安全技术有限公司 | Dynamic authentication method and system based on mobile terminal |
CN107172049A (en) * | 2017-05-19 | 2017-09-15 | 北京信安世纪科技有限公司 | A kind of intelligent identity identification system |
CN107592308A (en) * | 2017-09-13 | 2018-01-16 | 西安电子科技大学 | A kind of two server multiple-factor authentication method towards mobile payment scene |
US20180255458A1 (en) * | 2017-03-03 | 2018-09-06 | The Boeing Company | System and a computer-implemented method for machine-to-machine authentication of an apparatus |
CN109146240A (en) * | 2018-07-03 | 2019-01-04 | 北京航空航天大学 | A kind of Information Security Risk Assessment Methods and system towards intelligent network connection vehicle |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110661800A (en) * | 2019-09-25 | 2020-01-07 | 北京计算机技术及应用研究所 | Multi-factor identity authentication method supporting guarantee level |
CN111010368A (en) * | 2019-11-11 | 2020-04-14 | 泰康保险集团股份有限公司 | Authority authentication method, device and medium based on authentication chain and electronic equipment |
CN111010368B (en) * | 2019-11-11 | 2022-03-08 | 泰康保险集团股份有限公司 | Authority authentication method, device and medium based on authentication chain and electronic equipment |
CN111212066B (en) * | 2019-12-31 | 2022-04-01 | 浙江工业大学 | Dynamic allocation request verification method |
CN111212066A (en) * | 2019-12-31 | 2020-05-29 | 浙江工业大学 | Dynamic allocation request verification method |
CN111414601A (en) * | 2020-03-27 | 2020-07-14 | 中国人民解放军国防科技大学 | Continuous identity authentication method, system and medium for kylin mobile operating system |
CN111414601B (en) * | 2020-03-27 | 2023-10-03 | 中国人民解放军国防科技大学 | Continuous identity authentication method, system and medium for kylin mobile operation system |
CN111538982A (en) * | 2020-04-27 | 2020-08-14 | 山东远联信息科技有限公司 | Multistage multi-element serial authentication method and system for smart education cloud platform |
CN111538982B (en) * | 2020-04-27 | 2023-04-14 | 山东远联信息科技有限公司 | Multistage multi-element serial authentication method and system for smart education cloud platform |
CN111695910A (en) * | 2020-06-12 | 2020-09-22 | 中国银行股份有限公司 | Security authentication method and device, storage medium and electronic equipment |
CN111695910B (en) * | 2020-06-12 | 2023-11-21 | 中国银行股份有限公司 | Security authentication method and device, storage medium and electronic equipment |
CN112671707A (en) * | 2020-11-25 | 2021-04-16 | 紫光云技术有限公司 | Multi-factor fusion authentication identity recognition model based on JWT (just-in-the-word) |
CN112464200A (en) * | 2021-02-02 | 2021-03-09 | 北京安泰伟奥信息技术有限公司 | Authentication risk detection method and system |
CN112464200B (en) * | 2021-02-02 | 2021-09-21 | 北京安泰伟奥信息技术有限公司 | Authentication risk detection method and system |
CN113536288A (en) * | 2021-06-23 | 2021-10-22 | 上海派拉软件股份有限公司 | Data authentication method, device, authentication equipment and storage medium |
CN113536288B (en) * | 2021-06-23 | 2023-10-27 | 上海派拉软件股份有限公司 | Data authentication method, device, authentication equipment and storage medium |
US11695799B1 (en) | 2021-06-24 | 2023-07-04 | Airgap Networks Inc. | System and method for secure user access and agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11711396B1 (en) | 2021-06-24 | 2023-07-25 | Airgap Networks Inc. | Extended enterprise browser blocking spread of ransomware from alternate browsers in a system providing agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11722519B1 (en) | 2021-06-24 | 2023-08-08 | Airgap Networks Inc. | System and method for dynamically avoiding double encryption of already encrypted traffic over point-to-point virtual private networks for lateral movement protection from ransomware |
US11736520B1 (en) * | 2021-06-24 | 2023-08-22 | Airgap Networks Inc. | Rapid incidence agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11757934B1 (en) | 2021-06-24 | 2023-09-12 | Airgap Networks Inc. | Extended browser monitoring inbound connection requests for agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11757933B1 (en) | 2021-06-24 | 2023-09-12 | Airgap Networks Inc. | System and method for agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links |
US11916957B1 (en) | 2021-06-24 | 2024-02-27 | Airgap Networks Inc. | System and method for utilizing DHCP relay to police DHCP address assignment in ransomware protected network |
CN113612771A (en) * | 2021-08-03 | 2021-11-05 | 烽火通信科技股份有限公司 | Protection method and device based on Internet of things authentication |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109450959A (en) | A kind of multiple-factor identity identifying method based on threat level | |
CN107257336A (en) | A kind of user authen method and system | |
EP2513834B1 (en) | System and method for verifying the identity of an individual by employing biometric data features associated with the individual as well as a computer program product for performing said method | |
US8631486B1 (en) | Adaptive identity classification | |
JPWO2003069489A1 (en) | Identification method | |
CN109040139A (en) | A kind of identity authorization system and method based on block chain and intelligent contract | |
CN110661800A (en) | Multi-factor identity authentication method supporting guarantee level | |
Parmar et al. | A comprehensive study on passwordless authentication | |
Lovisotto et al. | Mobile biometrics in financial services: A five factor framework | |
CN107733636A (en) | Authentication method and Verification System | |
CN108600213A (en) | The compound identity authorization system of compound identity identifying method and application this method | |
Gao | Biometric authentication in smart grid | |
JP2010165323A (en) | Biometric authentication method and system | |
CN112039665A (en) | Key management method and device | |
Toli et al. | Privacy-preserving biometric authentication model for e-finance applications | |
WO2022042745A1 (en) | Key management method and apparatus | |
Cavoukian et al. | Keynote paper: Biometric encryption: Technology for strong authentication, security and privacy | |
CN106022037A (en) | Financial terminal authentication method and device | |
CN110516427B (en) | Terminal user identity authentication method and device, storage medium and computer equipment | |
Sahdev et al. | Behavioral biometrics for adaptive authentication in digital banking-guard against flawless privacy | |
Ueshige et al. | A Proposal of One-Time Biometric Authentication. | |
CN110321687A (en) | A kind of personal identification method | |
CN105550558B (en) | A kind of fingerprint reading method and user equipment | |
Edwards et al. | FFDA: A novel four-factor distributed authentication mechanism | |
De et al. | Trusted cloud-and femtocell-based biometric authentication for mobile networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190308 |