CN109862024A - Network authorization protocol access control method and system for a cloud management system - Google Patents

Network authorization protocol access control method and system for a cloud management system

Info

Publication number: CN109862024A
Authority: CN (China)
Prior art keywords: storage, client, server, bill, session key
Legal status: Pending
Application number: CN201910146731.XA
Other languages: Chinese (zh)
Inventor: 班凌航
Current assignee: Suzhou Wave Intelligent Technology Co Ltd
Original assignee: Suzhou Wave Intelligent Technology Co Ltd
Application filed by Suzhou Wave Intelligent Technology Co Ltd


Abstract

The present invention provides a network authorization protocol access control method and system for a cloud management system. The client first requests a storage service ticket from the authentication server; once it has obtained the storage service ticket and the storage session key, it requests storage service from the storage server. The storage server verifies the storage service ticket and storage session key and, after verification passes, provides the storage service. This amounts to two rounds of verification, which secures both the storage service and the access service. In addition, when the client applies to the authentication server for a storage service ticket, it also sends an authentication code encrypted with the session key; that is, every client must hold an authentication code before it can reach the authentication server and obtain a storage service ticket. Taking the characteristics of distributed file system storage into account, key management, the authentication process and the authentication server are optimized, improving authentication efficiency and flexibility while increasing the stability and security of the system.

Description

Network authorization protocol access control method and system for a cloud management system
Technical field
The present invention relates to the field of file processing technology, and in particular to a network authorization protocol access control method and system for a cloud management system.
Background art
With the rise and development of the cloud computing and big data industries, which now touch every sector, the demand for cloud data storage has grown sharply, and cloud data storage security mechanisms have become an important technology in the cloud computing industry. The distributed storage systems that have emerged bring more advanced modes of cooperation, but at the same time they create security risks for access to distributed file systems. How to ensure that data in a distributed file system is effectively authenticated and access-controlled, and how to prevent information leakage, are major problems facing current distributed systems.
The conventional authentication methods in use today include identity authentication based on secret information, most commonly password-based authentication, which is easy to use but carries the hidden dangers of being easily leaked and impersonated.
Token-based identity authentication is commonly implemented with UKEY technology, a smart card that stores the key; it is mainly used by bank clients to provide identity authentication and security protection, but it cannot be used flexibly in distributed file systems in cloud computing. How to realize effective authentication and access control and prevent information leakage is therefore a technical problem urgently in need of a solution.
Summary of the invention
In order to realize effective authentication and access control, prevent information leakage, ensure that data in a distributed file system is effectively authenticated and access-controlled, improve authentication efficiency and flexibility, and increase the stability and security of the system, the present invention provides a network authorization protocol access control method for a cloud management system. The method includes:
Step 1: the client requests a storage service ticket from the authentication server;
Step 2: the authentication server, based on the client's request, generates a storage service ticket and a storage session key and provides them to the client;
Step 3: the client, based on the obtained storage service ticket and storage session key, requests storage service from the storage server;
Step 4: the storage server verifies the storage service ticket and storage session key and, after verification passes, provides the storage service.
Preferably, before step 1 the method further includes:
the client requests a ticket license from the authentication server;
the authentication server verifies the client's request;
after verification passes, it generates a session key and creates a ticket;
the authentication server issues the ticket and session key to the client.
Preferably, the step in which the client requests a ticket license from the authentication server further includes:
the client's key is stored locally in base64 encoding.
Preferably, step 1 further includes:
the client applies to the authentication server for a storage service ticket and at the same time sends an authentication code encrypted with the session key.
Preferably, step 2 further includes:
the authentication server generates a session key and generates a ticket for requesting storage service; the ticket is encrypted with the private key of the storage service and is transferred to the client under the session key.
Preferably, step 4 further includes:
after the storage server successfully verifies the storage service ticket and storage session key, it obtains the time period during which the client is to be provided storage service;
the storage server increments the verification timestamp by one, encrypts the incremented verification timestamp with the session key to obtain the timestamp encryption information, and sends it to the client;
based on the timestamp encryption information, the storage server provides data storage service to the client within the storage service period.
A network authorization protocol access control system for a cloud management system includes a client, an authentication server and a storage server;
the client is used to request a storage service ticket from the authentication server;
the authentication server is used to generate, based on the client's request, a storage service ticket and a storage session key and provide them to the client;
the client is used to request storage service from the storage server based on the obtained storage service ticket and storage session key;
the storage server is used to verify the storage service ticket and storage session key and, after verification passes, provide the storage service.
Preferably, the authentication server is configured with the Kerberos network authorization protocol and the LDAP directory access protocol;
the storage server is configured with an LDAP database;
the authentication server and the storage server share a session key.
Preferably, the authentication server is also used to implement account, authentication and authorization management based on the LDAP directory access protocol and the Kerberos network authorization protocol; LDAP is used for account management and Kerberos for authentication.
Preferably, the client is also used to configure the storage service period during which it interacts with the storage server;
based on that storage service period the client requests a storage service ticket from the authentication server and, with the obtained storage service ticket and storage session key, requests storage service from the storage server;
the storage server is also used, after successfully verifying the storage service ticket and storage session key, to obtain the period during which the client is to be provided storage service, to increment the verification timestamp by one, and to encrypt the incremented verification timestamp with the session key to obtain the timestamp encryption information, which it sends to the client;
based on the timestamp encryption information, the storage server provides data storage service to the client within the storage service period.
As can be seen from the above technical solution, the invention has the following advantages:
In the present invention, the client first requests a storage service ticket from the authentication server and, once it has obtained the storage service ticket and storage session key, requests storage service from the storage server. The storage server verifies the storage service ticket and storage session key and, after verification passes, provides the storage service. This amounts to two rounds of verification, which secures both the storage service and the access service. In addition, when the client applies to the authentication server for a storage service ticket, it also sends an authentication code encrypted with the session key; that is, every client must hold an authentication code before it can reach the authentication server and obtain a storage service ticket, which amounts to three layers of security protection.
The present invention realizes centralized account, authentication and authorization on the basis of LDAP and Kerberos: LDAP handles account management and Kerberos handles authentication. Authorization is generally decided by the application, and configuring attributes in the LDAP database lets the application program make the authorization decision. A key copy is held by the client and by the cluster authentication server, and the authentication server and the storage service share a key copy, so identity is verified by means of shared keys.
Centralized account, authentication and authorization are realized on the basis of LDAP and Kerberos. A distributed file system needs to provide identity authentication for system administration and for data storage; taking the characteristics of distributed file system storage into account, key management, the authentication process and the authentication server are optimized, improving authentication efficiency and flexibility while increasing the stability and security of the system.
Brief description of the drawings
To illustrate the technical solution of the present invention more clearly, the drawings needed in the description are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the network authorization protocol access control method of the cloud management system;
Fig. 2 is a flowchart of an embodiment of the network authorization protocol access control method of the cloud management system;
Fig. 3 is a schematic diagram of the network authorization protocol access control system of the cloud management system.
Specific embodiments
The present invention provides a network authorization protocol access control method for a cloud management system which, as shown in Fig. 1, includes:
S1, the client requests a storage service ticket from the authentication server;
Here the authentication server may be an Authentication Server (AS). The system may include multiple clients, and a client may request a storage service ticket from the authentication server as needed.
The storage service ticket may be based on a Ticket Granting Server (TGS), that is, the ticketing service of the authentication server.
It should be further explained that the client's key is stored locally in base64 encoding.
That is, a client configured with a system-preset key requests a storage service ticket from the authentication server on the basis of that preset key. The authentication server verifies whether the request sent by the client carries a request key; if it does, the request key sent by the client is compared with the preset request key, and only after this verification passes does the server generate, from the key, the storage service ticket and storage session key and provide them to the client.
S2, the authentication server, based on the client's request, generates a storage service ticket and a storage session key and provides them to the client;
Here the authentication server compares the request key sent by the client with the preset request key; after verification passes, it generates the storage service ticket and storage session key based on the client's request and provides them to the client.
If one or more clients newly added to the system have no request key configured, the authentication server can periodically scan the state of newly added clients; if a newly added client is found and it has permission to access and use the system, the authentication server issues a request key to it so that the newly added client can obtain a storage service ticket and storage session key.
If a client's address changes, it sends an address-change request to the authentication server, which issues a request key to the client based on the new address.
S3, the client, based on the obtained storage service ticket and storage session key, requests storage service from the storage server;
The purpose of the client requesting a storage service ticket from the authentication server is to request storage service from the storage server. That is, the client needs to establish a communication connection with the storage server in order to store data there, so it first obtains a storage service ticket and storage session key through the authentication server and then requests storage service from the storage server with them.
S4, the storage server verifies the storage service ticket and storage session key and, after verification passes, provides the storage service.
If the storage server's verification passes, it provides storage service to the client that submitted the verification. If verification fails, the request is rejected and the client cannot access the storage server; such a client may be in an unauthorized state. A client without a storage service ticket and storage session key cannot access the storage server, which ensures the security of system data and prevents unauthorized clients from obtaining data.
In order to make the purpose, features and advantages of the invention more obvious and understandable, the technical solution protected by the invention is described clearly and completely below with specific embodiments and drawings. Obviously, the embodiments disclosed below are only some of the embodiments of the invention, not all of them. Based on the embodiments in this patent, all other embodiments obtained by a person of ordinary skill in the art without creative work fall within the scope of protection of this patent.
The technique of the invention is further illustrated below. As shown in Fig. 2, before step 1 the method further includes:
S11, the client requests a ticket license from the authentication server;
In this step the client obtains the ticket license from the authentication server, that is, the right to use the storage server.
Here the client applies to the authentication server for a storage service ticket and at the same time sends an authentication code encrypted with the session key.
The authentication code is a means by which the authentication server recognizes the client; once the authentication server has verified the authentication code, the client is verified. A client without an authentication code cannot gain the recognition of the authentication server, which effectively protects the authentication server from access by unauthorized clients.
S12, the authentication server verifies the client's request;
The authentication server can verify multiple clients simultaneously and synchronously, and can process the information sent by each client differently according to the client's address.
S13, after verification passes, a session key is generated and a ticket is created;
Here the client must be verified: the authentication server compares the request key sent by the client with the preset request key and, after verification passes, generates the storage service ticket and storage session key based on the client's request and provides them to the client.
S14, the authentication server issues the ticket and session key to the client.
The client can then perform storage operations on the storage server based on the ticket and session key.
If implemented in hardware, the present invention relates to a device, for example a processor or an integrated circuit device such as an integrated circuit chip or chipset. Alternatively or additionally, if implemented in software or firmware, the technique may be realized at least in part by a computer-readable data storage medium containing instructions which, when executed, cause a processor to perform one or more of the above methods. For example, the computer-readable data storage medium may store instructions executed by a processor.
The computer-readable medium may form part of a computer program product, which may include packaging materials. The computer-readable medium may comprise computer storage media such as random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), electrically erasable programmable read-only memory (EEPROM), flash memory, magnetic or optical data storage media, and the like. In some embodiments, an article of manufacture may include one or more computer-readable storage media.
The present invention also provides an embodiment, specifically:
Step 1: the client requests a storage service ticket from the authentication server;
Here the authentication server is configured with the Kerberos network authorization protocol and the LDAP directory access protocol; the storage server is configured with an LDAP database; the authentication server and the storage server share a session key.
In the LDAP+Kerberos authentication and authorization mechanism, Kerberos is a security method for authenticating service requests in a computer network, in which a session key is obtained through a ticket generated on demand. This scheme proposes an access mechanism for authentication and authorization based on Kerberos+LDAP, which improves authentication efficiency and security and is also more stable. LDAP is the Lightweight Directory Access Protocol, generally referred to simply as LDAP. It is based on the X.500 standard but is much simpler and can be customized as needed. Unlike X.500, LDAP supports TCP/IP, which is necessary for access over the Internet.
Step 2: the authentication server, based on the client's request, generates a storage service ticket and a storage session key and provides them to the client;
The authentication server generates a session key and generates a ticket for requesting storage service; the ticket is encrypted with the private key of the storage service and is transferred to the client under the session key.
Step 3: the client, based on the obtained storage service ticket and storage session key, requests storage service from the storage server;
Centralized account, authentication and authorization are realized on the basis of LDAP and Kerberos: LDAP handles account management and Kerberos handles authentication. Authorization is generally decided by the application, and configuring attributes in the LDAP database lets the application program make the authorization decision.
Step 4: the storage server verifies the storage service ticket and storage session key and, after verification passes, provides the storage service.
After the storage server successfully verifies the storage service ticket and storage session key, it obtains the time period during which the client is to be provided storage service;
the storage server increments the verification timestamp by one, encrypts the incremented verification timestamp with the session key to obtain the timestamp encryption information, and sends it to the client; based on the timestamp encryption information, the storage server provides data storage service to the client.
In this embodiment, each client is assigned a time period in which it may access and use the storage server, and the client accesses the storage server within the authorized period. For each access period the client must obtain a different storage service ticket and storage session key, and the storage server increments the verification timestamp of each period by one, encrypts it with the session key to obtain the timestamp encryption information, and sends it to the client. This ensures that the verification for accessing the storage server differs in each period: even if the verification for one period is cracked, the storage server cannot be accessed at arbitrary times, which improves the security of the information held in the storage server.
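The ticket flow of steps S11 to S14 and steps 1 to 4, including the incremented-timestamp reply that both the summary and this embodiment describe for step 4, as an added worked example that is not part of the patent: a Python model in which the authentication server shares one key with the storage server, each client key is held base64-encoded, and the storage service period is enforced. The encrypt-then-MAC helper built from HMAC-SHA256 is a constructed stand-in for the cipher a deployment would use, and the client name, keys and times are constructed values.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed stand-in cipher: HMAC-SHA256 in counter mode plus an encrypt-then-MAC tag, using
# separate encryption and MAC subkeys. A deployment would use a vetted AEAD; the protocol is the same.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt a JSON object as nonce || ciphertext || tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(_subkey(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag before decrypting, so a forged or altered ticket never reaches the parser."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))))

class AuthServer:
    """Knows each client's preset request key and shares storage_key with the storage server."""

    def __init__(self, client_keys_b64: dict, storage_key: bytes):
        self.client_keys = {cid: base64.b64decode(k) for cid, k in client_keys_b64.items()}
        self.storage_key = storage_key
        self.sessions = {}

    def ticket_license(self, client_id: str, request_key_b64: str) -> bytes:
        """S11-S14: compare the request key with the preset one; issue a session key under the client key."""
        key = self.client_keys.get(client_id)
        if key is None or not hmac.compare_digest(key, base64.b64decode(request_key_b64)):
            raise PermissionError("unknown client or wrong request key")
        self.sessions[client_id] = secrets.token_bytes(32)
        return seal(key, {"session_key": self.sessions[client_id].hex()})

    def storage_ticket(self, client_id: str, authenticator: bytes, period: tuple) -> bytes:
        """Steps 1-2: the authenticator must open under the session key; the ticket is sealed with the
        storage server's key and carries a fresh storage session key, returned under the session key."""
        session_key = self.sessions.get(client_id)
        if session_key is None or unseal(session_key, authenticator)["client"] != client_id:
            raise PermissionError("authenticator rejected")
        storage_sk = secrets.token_bytes(32)
        ticket = seal(self.storage_key, {"client": client_id, "key": storage_sk.hex(), "period": list(period)})
        return seal(session_key, {"ticket": ticket.hex(), "storage_key": storage_sk.hex()})

class StorageServer:
    """Holds only storage_key; it never learns any client's long-term key."""

    def __init__(self, storage_key: bytes):
        self.storage_key = storage_key

    def serve(self, ticket: bytes, authenticator: bytes, now: int) -> bytes:
        """Step 4: open the ticket, check the authenticator under the session key it carries and the
        granted period, then reply with timestamp + 1 so the client can authenticate the server too."""
        t = unseal(self.storage_key, ticket)
        storage_sk = bytes.fromhex(t["key"])
        auth = unseal(storage_sk, authenticator)
        if auth["client"] != t["client"]:
            raise PermissionError("authenticator does not match ticket")
        start, end = t["period"]
        if not start <= now <= end:
            raise PermissionError("outside the granted storage-service period")
        return seal(storage_sk, {"ts": auth["ts"] + 1})

def run_exchange(now: int = 1000, period: tuple = (900, 1100), tamper: bool = False) -> dict:
    """Drive one client through S11-S14 and steps 1-4 and return what the client concluded."""
    client_key_b64 = base64.b64encode(secrets.token_bytes(32)).decode()  # held base64 on the client
    storage_key = secrets.token_bytes(32)
    auth_srv, storage_srv = AuthServer({"client-a": client_key_b64}, storage_key), StorageServer(storage_key)
    lic = unseal(base64.b64decode(client_key_b64), auth_srv.ticket_license("client-a", client_key_b64))
    session_key = bytes.fromhex(lic["session_key"])
    grant = unseal(session_key, auth_srv.storage_ticket(
        "client-a", seal(session_key, {"client": "client-a", "ts": now}), period))
    ticket, storage_sk = bytes.fromhex(grant["ticket"]), bytes.fromhex(grant["storage_key"])
    if tamper:  # flip one ciphertext bit: the storage server must refuse the ticket outright
        ticket = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]
    try:
        reply = storage_srv.serve(ticket, seal(storage_sk, {"client": "client-a", "ts": now}), now)
        return {"granted": True, "server_authentic": unseal(storage_sk, reply)["ts"] == now + 1}
    except PermissionError as exc:
        return {"granted": False, "reason": str(exc)}

if __name__ == "__main__":
    print(run_exchange(), run_exchange(tamper=True), run_exchange(now=2000), sep="\n")
```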
Based on the above method, the present invention also provides a network authorization protocol access control system for a cloud management system which, as shown in Fig. 3, comprises a client 1, an authentication server 2 and a storage server 3. The client 1 is used to request a storage service ticket from the authentication server; the authentication server 2 is used to generate, based on the client's request, a storage service ticket and a storage session key and provide them to the client; the client 1 is used to request storage service from the storage server based on the obtained storage service ticket and storage session key; the storage server 3 is used to verify the storage service ticket and storage session key and, after verification passes, provide the storage service.
Here the authentication server 2 is configured with the Kerberos network authorization protocol and the LDAP directory access protocol; the storage server is configured with an LDAP database; the authentication server and the storage server share a session key.
The authentication server 2 is also used to implement account, authentication and authorization management based on the LDAP directory access protocol and the Kerberos network authorization protocol; LDAP is used for account management and Kerberos for authentication.
A more preferred mode of the system and method of the present invention is as follows:
The main invention of this patent is the LDAP+Kerberos authentication and authorization mechanism. Kerberos is a security method for authenticating service requests in a computer network, in which a session key is obtained through a ticket generated on demand.
Centralized account, authentication and authorization are realized on the basis of LDAP and Kerberos: LDAP handles account management and Kerberos handles authentication. Authorization is generally decided by the application, and configuring attributes in the LDAP database lets the application program make the authorization decision.
Configure LDAP: edit the configuration file of the LDAP server. The present invention can use a TLS certificate; the related directives require the corresponding private key and certificate file to be prepared in advance (the method of producing them is referred to elsewhere), and they are not configured here for now. The string after the rootpw directive is the initial LDAP administrator password and is generated by the command slappasswd -s 123456. After replacing the string with the correct password, uncomment that line.
Start the LDAP service by executing /etc/init.d/slapd start. At this point the database is empty, which can be verified with slapcat or by querying with ldapsearch.
Initialize the LDAP database by first writing the document demo.ldif.
The userPassword in this document is generated by the command slappasswd -s 123456 | base64.
Import the data into the LDAP database;
execute the command ldapadd -x -D 'cn=root,ou=Control,dc=demo,dc=local' -w 123456 -h 127.0.0.1 -f /tmp/demo.ldif
Executing ldapsearch -x -D 'cn=root,ou=Control,dc=demo,dc=local' -w 123456 -h 127.0.0.1 -b 'dc=demo,dc=local' should return the imported data. Since the password corresponding to the rootdn is configured in the ldif file above, edit /etc/openldap/slapd.conf to comment out the rootpw line, restart the LDAP service with /etc/init.d/slapd restart, and rerun the ldapsearch command above; the same result should be obtained.
The above are the steps for configuring LDAP. To use this LDAP for user authentication, it is only necessary to add a userPassword attribute to the user (for example uid=test,ou=People,dc=demo,dc=local).
For large-scale user management, scripts can then be developed in combination with business characteristics to simplify routine work. Centralized account and authentication management can be achieved with LDAP alone, but since the password information in LDAP is stored directly in the database and the username and password must be sent directly to the LDAP server at authentication time, this approach carries a security risk in an environment that is not secure and trusted. Using Kerberos together with LDAP for user authentication avoids this risk.
In the present invention, the authentication server also needs to be configured with Kerberos.
Kerberos-related data also needs to be stored in a database; here LDAP is chosen as its database for the convenience of data backup (only the LDAP database needs to be backed up). If Kerberos's own database is to be used instead, the kdb5_ldap_util commands below need to be replaced with kdb5_util. First edit the content of the file /etc/krb5.conf accordingly, then start the Kerberos service
by executing /etc/init.d/mit-krb5kdc start;
To use Kerberos authentication, make the following modification to the user's password field (the value of userPassword is generated by echo -n "{SASL}test@DEMO.LOCAL" | base64):
Execute ldapmodify -x -D 'cn=root,ou=Control,dc=demo,dc=local' -w 123456 -h 127.0.0.1 -f /tmp/test.ldif to apply the modification.
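As an added example that is not part of the patent, the test.ldif modification just described and a check for the risk noted in the LDAP steps (passwords stored directly in the directory), in Python: it builds the ldapmodify record that points userPassword at Kerberos through the {SASL} marker, and audits an LDIF export to find entries whose password still lives in LDAP. The DNs and principal follow the text; the sample export and the {SSHA} value in it are constructed.

```python
import base64


def sasl_userpassword(principal: str) -> str:
    """Base64 of "{SASL}<principal>": the userPassword value that hands the bind to Kerberos.
    LDIF writes a base64 value after "::", which is what `echo -n ... | base64` prepares."""
    return base64.b64encode(f"{{SASL}}{principal}".encode()).decode()


def kerberos_passthrough_ldif(dn: str, principal: str) -> str:
    """The ldapmodify record (the role of /tmp/test.ldif) replacing one user's stored password
    with the {SASL} marker."""
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: userPassword",
        f"userPassword:: {sasl_userpassword(principal)}",
        "-",
        "",
    ])


def classify_userpassword(raw: str, is_base64: bool) -> str:
    """Where does this entry's secret live? {SASL} means Kerberos holds it; a {scheme} hash or a
    bare value means the LDAP server itself stores and checks it."""
    value = base64.b64decode(raw).decode(errors="replace") if is_base64 else raw
    if value.startswith("{SASL}"):
        return "kerberos-passthrough"
    if value.startswith("{") and "}" in value and not value.startswith("{CLEARTEXT}"):
        return "hash-in-ldap"
    return "cleartext-in-ldap"


def audit_ldif(text: str) -> dict:
    """Map each dn in an LDIF export (for example slapcat output) to how its userPassword is held;
    entries without a userPassword are reported as 'no-password'."""
    result, dn = {}, None
    for line in text.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
            result[dn] = "no-password"
        elif dn and line.lower().startswith("userpassword::"):
            result[dn] = classify_userpassword(line.split("::", 1)[1].strip(), True)
        elif dn and line.lower().startswith("userpassword:"):
            result[dn] = classify_userpassword(line.split(":", 1)[1].strip(), False)
    return result


# Constructed export for the demo directory used in the text; the {SSHA} digest is a placeholder.
SAMPLE_EXPORT = """\
dn: uid=test,ou=People,dc=demo,dc=local
uid: test
userPassword:: e1NBU0x9dGVzdEBERU1PLkxPQ0FM

dn: uid=alice,ou=People,dc=demo,dc=local
uid: alice
userPassword: {SSHA}cGxhY2Vob2xkZXItZGlnZXN0LW5vdC1yZWFs

dn: uid=bob,ou=People,dc=demo,dc=local
uid: bob
userPassword:: MTIzNDU2
"""

if __name__ == "__main__":
    print(kerberos_passthrough_ldif("uid=test,ou=People,dc=demo,dc=local", "test@DEMO.LOCAL"))
    for entry, how in audit_ldif(SAMPLE_EXPORT).items():
        print(f"{how:22} {entry}")
```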
In the operating method of the authentication server, the Kerberos workflow is that Kerberos transmits keys in encrypted form by generating keys at random and links old and new keys into a chain to secure communication, effectively preventing eavesdropping and replay.
Kerberos further distributes the authentication task among the authentication servers of the distributed storage; the authentication server inherits the functions of the original authentication server and ticket-granting server. The authentication server maintains the user identity information and the authentication database, and the authentication system of the whole authentication server is divided into the authentication server, the ticket-granting server, the client and the server. Two kinds of credentials are used in the authentication process, namely the ticket and the authentication code; both are encrypted with private keys, but the keys used for encryption are different.
Centralized account, authentication and authorization are realized on the basis of LDAP and Kerberos. A distributed file system needs to provide identity authentication for system administration and for data storage; taking the characteristics of distributed file system storage into account, key management, the authentication process and the authentication server are optimized. While satisfying the client's authentication service needs, this improves authentication efficiency and flexibility and increases the stability and security of the system.
It should be further explained that the client is also used to configure the storage service period during which it interacts with the storage server; based on that period the client requests a storage service ticket from the authentication server and, with the obtained storage service ticket and storage session key, requests storage service from the storage server. The storage server is also used, after successfully verifying the storage service ticket and storage session key, to obtain the period during which the client is to be provided storage service, to increment the verification timestamp by one, and to encrypt the incremented verification timestamp with the session key to obtain the timestamp encryption information, which it sends to the client; based on the timestamp encryption information, the storage server provides data storage service to the client within the storage service period.
In some embodiments, the computer-readable storage medium may include non-volatile media. The term "non-transitory" may indicate that the storage medium is not embodied in a carrier wave or propagated signal. In certain embodiments, a non-transitory storage medium may store data that can change over time (for example, in RAM or cache).
The code or instructions may be software and/or firmware executed by processing circuitry including one or more processors, such as one or more digital signal processors (DSPs), general-purpose microprocessors, application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other equivalent integrated or discrete logic circuitry. Accordingly, the term "processor" as used herein may refer to any of the foregoing structures or any other structure suitable for implementing the techniques described herein. In addition, in some aspects the functions described in this disclosure may be provided in software modules and hardware modules.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein can be realized in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A network authorization protocol access control method for a cloud management system, characterized in that the method includes:
Step 1: the client requests a storage service ticket from the authentication server;
Step 2: the authentication server, based on the client's request, generates a storage service ticket and a storage session key and provides them to the client;
Step 3: the client, based on the obtained storage service ticket and storage session key, requests storage service from the storage server;
Step 4: the storage server verifies the storage service ticket and storage session key and, after verification passes, provides the storage service.
2. The network authorization protocol access control method of a cloud management system according to claim 1, characterized in that
before step 1 the method further includes:
the client requests a ticket license from the authentication server;
the authentication server verifies the client's request;
after verification passes, it generates a session key and creates a ticket;
the authentication server issues the ticket and session key to the client.
3. the network authorization protocol access control method of cloud management system according to claim 2, which is characterized in that
Step client is permitted to certificate server request bill further include:
The key of client is with base64 code storage in local.
4. the network authorization protocol access control method of cloud management system according to claim 2, which is characterized in that step One further include:
Client and is sent through the encrypted identification of session key to certificate server application storage service ticket requests Code.
5. the network authorization protocol access control method of cloud management system according to claim 1 or 2, which is characterized in that Step 2 further include:
Certificate server generates session key, and generates the bill for requesting storage service, and the use of bill is storage service Private encryption, and client is transferred to by session key.
6. the network authorization protocol access control method of cloud management system according to claim 1 or 2, which is characterized in that
Step 4 further include:
After storage server verifies storage service bill and storage session key success, it is retrieved as client and storage service is provided Period;
Storage server, which will stab the verification time, adds one, and will stab the verification time and an information is added to encrypt to obtain the time by session key Stamp encryption information is sent to client;
Storage server is based on timestamp encryption information, is clients providing data store-service within the storage service period.
7. a kind of network authorization protocol access control system of cloud management system characterized by comprising client, certification clothes Business device and storage server;
Client is used to request to obtain storage service bill to certificate server;
Certificate server is for client-based request generation and close to client granting storage service bill and storage session Key;
Client is for storage service bill and storage session key based on acquisition, to storage server requests storage service;
Storage server after being verified, is provided and is deposited for storage server verifying storage service bill and storage session key Storage service.
8. the network authorization protocol access control system of cloud management system according to claim 7, which is characterized in that
Certificate server is configured with Kerberos network authorization agreement and ldap directory access protocol;
Storage server is configured with ldap database;
Certificate server and storage server share session key.
9. the network authorization protocol access control system of cloud management system according to claim 8, which is characterized in that
Certificate server be also used to based on ldap directory access protocol and Kerberos network authorization protocol realization account, certification and Empowerment management;Ldap directory access protocol is used to do account management, and Kerberos network authorization agreement is as certification.
10. the network authorization protocol access control system of cloud management system according to claim 7 or 8, which is characterized in that
Client is also used to configure the store-service period carried out between storage server;
Client requested to obtain storage service bill, and the storage based on acquisition to certificate server based on the store-service period Service ticket and storage session key, to storage server requests storage service;
After storage server is also used to verify storage service bill and storage session key success, it is retrieved as client and storage is provided The period of service;It will stab verification time and add one, and will stab the verification time and an information is added to encrypt to obtain the time by session key Stamp encryption information is sent to client;
Storage server is based on timestamp encryption information, is clients providing data store-service within the storage service period.
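Claims 1 to 6 describe a Kerberos-style three-party exchange: the client obtains a ticket and session key from the authentication server, then presents an authenticator encrypted under that session key to obtain a storage service ticket (encrypted under the storage server's key) plus a storage session key, and finally the storage server verifies the ticket and authenticator and proves its own identity by returning the timestamp plus one. The following Python sketch is an added example, not code from the patent or its applicant; every name, key length and message field is an assumption, and the HMAC-SHA256 keystream with a separate MAC stands in for a real AEAD such as AES-GCM. It also adds the freshness window and replay cache a storage server would need, which the claims do not spell out.

```python
"""Toy Kerberos-style exchange mirroring claims 1-6 (added example; all names and
message layouts are assumptions, not the patent's own code)."""
import hashlib
import hmac
import json
import os
import time

SKEW = 300  # seconds of clock skew tolerated in the authenticator (assumed, as in Kerberos)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC of a JSON object: nonce || ciphertext || tag."""
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ek, nonce, len(pt))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag before decrypting; a wrong key or tampering raises ValueError."""
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC: ticket or authenticator tampered or wrong key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct)))))


def _check_auth(ticket: dict, authenticator: bytes, now: float) -> dict:
    """Decrypt the authenticator with the ticket's session key and check name and freshness."""
    auth = unseal(bytes.fromhex(ticket["key"]), authenticator)
    if auth["client"] != ticket["client"] or abs(now - auth["ts"]) > SKEW:
        raise PermissionError("authenticator mismatch or stale")
    return auth


class AuthServer:
    """KDC role: holds every principal's long-term key (claim 8: key shared with storage)."""
    def __init__(self, keys: dict):
        self.keys = keys

    def ticket_granting(self, client: str, now: float, ttl: int = 600):  # claim 2
        sk = os.urandom(32)
        tgt = seal(self.keys["AS"], {"client": client, "key": sk.hex(), "exp": now + ttl})
        return tgt, seal(self.keys[client], {"key": sk.hex()})

    def storage_ticket(self, tgt: bytes, authenticator: bytes, now: float, ttl: int = 600):  # claims 1, 4, 5
        t = unseal(self.keys["AS"], tgt)
        if now > t["exp"]:
            raise PermissionError("ticket-granting ticket expired")
        _check_auth(t, authenticator, now)
        ssk = os.urandom(32)
        svc = seal(self.keys["STORAGE"], {"client": t["client"], "key": ssk.hex(), "exp": now + ttl})
        return svc, seal(bytes.fromhex(t["key"]), {"key": ssk.hex()})  # storage session key under TGT key


class StorageServer:
    def __init__(self, key: bytes):
        self.key, self.seen = key, set()

    def serve(self, svc_ticket: bytes, authenticator: bytes, now: float):  # claims 1, 6
        t = unseal(self.key, svc_ticket)
        if now > t["exp"]:
            raise PermissionError("storage service ticket expired")
        auth = _check_auth(t, authenticator, now)
        if (t["client"], auth["ts"]) in self.seen:  # replay cache (added; not in the claims)
            raise PermissionError("replayed authenticator")
        self.seen.add((t["client"], auth["ts"]))
        # Mutual authentication: return ts+1 under the storage session key, then grant the period.
        return seal(bytes.fromhex(t["key"]), {"ts": auth["ts"] + 1}), t["exp"]


def run_exchange(client: str = "alice", now: float = None):
    """Full client-side flow; returns (server proved key knowledge, granted period in seconds)."""
    now = time.time() if now is None else now
    keys = {"AS": os.urandom(32), "STORAGE": os.urandom(32), client: os.urandom(32)}
    kdc, storage = AuthServer(keys), StorageServer(keys["STORAGE"])
    tgt, enc_sk = kdc.ticket_granting(client, now)
    sk = bytes.fromhex(unseal(keys[client], enc_sk)["key"])
    svc, enc_ssk = kdc.storage_ticket(tgt, seal(sk, {"client": client, "ts": now}), now)
    ssk = bytes.fromhex(unseal(sk, enc_ssk)["key"])
    authenticator = seal(ssk, {"client": client, "ts": now})
    reply, period_end = storage.serve(svc, authenticator, now)
    replayed = False
    try:
        storage.serve(svc, authenticator, now)  # same authenticator again must be refused
    except PermissionError:
        replayed = True
    return unseal(ssk, reply)["ts"] == now + 1 and replayed, period_end - now


def forged_ticket_is_rejected(now: float = 1_700_000_000.0) -> bool:
    """A client key alone cannot mint a storage ticket: the storage server's key is required."""
    storage = StorageServer(os.urandom(32))
    k = os.urandom(32)
    fake = seal(k, {"client": "mallory", "key": k.hex(), "exp": now + 600})
    try:
        storage.serve(fake, seal(k, {"client": "mallory", "ts": now}), now)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_exchange(), forged_ticket_is_rejected())
```

The second `serve` call with the same authenticator is refused by the replay cache, and `forged_ticket_is_rejected` shows why the ticket must be sealed under a key the client never sees: knowing only its own key, a client cannot fabricate a valid storage service ticket.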
CN201910146731.XA 2019-02-27 2019-02-27 A kind of the network authorization protocol access control method and system of cloud management system Pending CN109862024A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910146731.XA CN109862024A (en) 2019-02-27 2019-02-27 A kind of the network authorization protocol access control method and system of cloud management system

Publications (1)

Publication Number Publication Date
CN109862024A true CN109862024A (en) 2019-06-07

Family

ID=66899173

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910146731.XA Pending CN109862024A (en) 2019-02-27 2019-02-27 A kind of the network authorization protocol access control method and system of cloud management system

Country Status (1)

Country Link
CN (1) CN109862024A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120240212A1 (en) * 2011-03-15 2012-09-20 Thomas Alexander Wood Systems and methods for generating modular security delegates for applications
CN106453313A (en) * 2016-10-15 2017-02-22 成都育芽科技有限公司 Virtual machine security verification system and method based on cloud computing platform

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
M_HSU: "Key distribution based on symmetric encryption and Kerberos authentication", https://blog.csdn.net/u012470144/article/details/82726296 *
天天向上_好好学习: "Using LDAP + Kerberos to implement a centralized user authentication and authorization system", https://blog.csdn.net/cheng_fangang/article/details/40143261?utm_source=blogxgwz3 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830465A (en) * 2019-11-01 2020-02-21 大唐微电子技术有限公司 Security protection method for accessing UKey, server and client
CN111817860A (en) * 2020-09-01 2020-10-23 苏州浪潮智能科技有限公司 Communication authentication method, device, equipment and storage medium
CN111817860B (en) * 2020-09-01 2021-02-23 苏州浪潮智能科技有限公司 Communication authentication method, device, equipment and storage medium
CN112929374A (en) * 2021-02-09 2021-06-08 深圳阿帕云计算有限公司 Cloud computing-based multi-factor bidirectional dynamic authentication encryption system
CN113395289A (en) * 2021-06-30 2021-09-14 北京奇艺世纪科技有限公司 Authentication method, authentication device, electronic equipment and storage medium
CN114374706A (en) * 2022-01-11 2022-04-19 北京易智时代数字科技有限公司 Content security management method based on distributed architecture
CN114374706B (en) * 2022-01-11 2024-05-28 北京易智时代数字科技有限公司 Content security management method based on distributed architecture

Similar Documents

Publication Publication Date Title
AU2021206913B2 (en) Systems and methods for distributed data sharing with asynchronous third-party attestation
US11606352B2 (en) Time-based one time password (TOTP) for network authentication
CN103563294B (en) Certification and authorization method for cloud computing platform security
WO2020143470A1 (en) Method for issuing digital certificate, digital certificate issuing center, and medium
CN109862024A (en) A kind of the network authorization protocol access control method and system of cloud management system
O’Malley et al. Hadoop security design
CN102638454B (en) Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol
US8296828B2 (en) Transforming claim based identities to credential based identities
US9172541B2 (en) System and method for pool-based identity generation and use for service access
US20140013409A1 (en) Single sign on for cloud
CN111314340B (en) Authentication method and authentication platform
CN105577665A (en) Identity and access control and management system and method in cloud environment
US20110314533A1 (en) Identity broker configured to authenticate users to host services
WO2013071087A1 (en) Single sign on for cloud
JP2010531516A (en) Device provisioning and domain join emulation over insecure networks
CN111316267A (en) Authentication using delegated identities
Laborde et al. A user-centric identity management framework based on the W3C verifiable credentials and the FIDO universal authentication framework
CN114666168B (en) Decentralized identity certificate verification method and device, and electronic equipment
US20060129804A1 (en) Message based network configuration of server certificate purchase
CN109587100A (en) A kind of cloud computing platform user authentication process method and system
Abdelrazig Abubakar et al. Blockchain-based identity and authentication scheme for MQTT protocol
JP2010086175A (en) Remote access management system and method
CN114127764A (en) Destination addressing associated with distributed ledger
CN114760070A (en) Digital certificate issuing method, digital certificate issuing center and readable storage medium
CN106529216B (en) Software authorization system and software authorization method based on public storage platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190607