CN114531348A - Network communication method, device, terminal and storage medium based on zero trust technology - Google Patents
- Publication number: CN114531348A (application number CN202210019853.4A)
- Authority: CN (China)
- Prior art keywords
- application service
- client
- access request
- application
- network communication
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L41/0803 Configuration setting (under H04L41/08 Configuration management of networks or network elements; H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks)
- H04L63/0428 Network security: confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L63/04; H04L63/00 Network architectures or network communication protocols for network security)
- H04L63/0823 Network security: authentication of entities using certificates (under H04L63/08; H04L63/00)
- H04L63/0869 Network security: authentication of entities for achieving mutual authentication (under H04L63/08; H04L63/00)
All classes belong to H04L (Transmission of digital information, e.g. telegraphic communication), H04 (Electric communication technique), H (Electricity).
Abstract
The application discloses a network communication method, device, terminal and storage medium based on zero trust technology. The method comprises the steps of receiving application service policy information, completing policy configuration of the application service resources according to that information, and determining the service policy of the application service resources; acquiring an application service access request from a client and judging whether to respond to it; and, if so, looking up the corresponding application service in the application service resources, establishing an application communication link with the client and allowing access. The invention realizes authentication, authorization and encrypted communication between client and server in TCP network communication through the deployment of a reinforcement shield and a reinforcement root. At the same time, the method uses MTLS for continuous bidirectional authentication and encryption of the information exchanged during communication, which markedly improves security during communication and ensures the security-reinforcement effect.
Description
Technical Field
The application relates to a network communication method, in particular to a network communication method, a device, a terminal and a storage medium based on a zero trust technology, and belongs to the technical field of network communication safety.
Background
In recent years, with the rapid development of computer and internet technologies, network communication has become an indispensable mode of communication in people's daily work and life. At the same time, the security of network communication receives growing attention from every field, because the communication process is permanently exposed to hidden security risks from rogue software, computer viruses and even hackers.
Taking the most basic TCP network communication as an example, the architecture is shown in fig. 1: TCP is a connection-oriented, reliable, byte-stream-based transport-layer communication mode, meaning that a TCP connection is established between client and server before any data is exchanged, after which data is transmitted in both directions. During this process TCP provides timeout retransmission, discarding of duplicate data, data checksums, flow control and similar functions to ensure that data is delivered from one end to the other. However, the following problems are ubiquitous in current TCP network communication:
1. when the program does not actively apply secure encryption, plaintext transmission such as the http protocol is used by default during communication, and the content is easily captured by a third party;
2. when the program does apply secure encryption, the level of protection depends entirely on the program, so a higher risk of being cracked remains;
3. the service resources of the server must be accessible to external clients, and by default no authorization mechanism exists in the communication process, so once authentication is complete a client can access the server at will, which greatly increases the possibility of service resource exposure;
4. the user identity is hard to establish, so a higher authentication risk exists. For example, in a system that requires password login, although its security policy requires users to set complex passwords and update them periodically, it cannot be fully assumed that the user is genuine. An attacker can easily obtain a user's password by common means such as phishing or database dumping; moreover, although users update their passwords regularly and use more complex passwords as required, for ease of memorisation the passwords used each time tend to follow a pattern and are easy to crack.
In summary, how to provide a new network communication method, device, terminal and storage medium that achieves security reinforcement on the basis of the prior art has become a common concern of those skilled in the art.
Disclosure of Invention
In view of the foregoing defects in the prior art, an object of the present invention is to provide a network communication method, apparatus, terminal and storage medium based on zero trust technology, described as follows.
A network communication method based on zero trust technology comprises the following steps:
receiving application service policy information, completing policy configuration of the application service resources according to the application service policy information, and determining a service policy of the application service resources;
acquiring an application service access request from a client, encrypting the application service access request using MTLS, and judging according to the service policy of the application service resources whether to respond to the application service access request; and, if so,
searching the application service resources for the application service corresponding to the application service access request, establishing an application communication link with the client, and allowing the client to access the application service.
Preferably, before receiving the application service policy information, completing the policy configuration of the application service resources according to it and determining the service policy of the application service resources, the method further includes:
acquiring a security reinforcement data packet from a control center and completing registration and installation of a reinforcement control, wherein the reinforcement control comprises at least a reinforcement shield and an MTLS authentication certificate.
Preferably, acquiring an application service access request from a client, where the application service access request is encrypted using MTLS, and determining whether to respond to it according to the service policy of the application service resources includes:
acquiring the application service access request, which is generated by the client according to a client operation and encrypted, using MTLS, by the reinforcement shield signal-connected to the back end of the client, and judging according to the service policy of the application service resources whether to respond to it; and, if not,
disconnecting the application communication link with the client and forbidding the client to access the application service.
Preferably, acquiring an application service access request from a client, where the application service access request is encrypted using MTLS, and determining whether to respond to it according to the service policy of the application service resources further includes:
if a plurality of application service access requests from the same client are obtained, responding only to those that conform to the service policy of the application service resources, searching the application service resources for the application service corresponding to each responded request, establishing the application communication link, and allowing the client to access that application service.
A network communication device based on zero trust technology comprises:
a service policy configuration module configured to receive application service policy information, complete policy configuration of the application service resources according to the application service policy information, and determine a service policy of the application service resources;
an access request response module configured to obtain an application service access request from a client, where the application service access request is encrypted using MTLS, and to determine whether to respond to it according to the service policy of the application service resources; and, if so,
an access operation permission module configured to search the application service resources for the application service corresponding to the application service access request, establish an application communication link with the client, and allow the client to access the application service.
Preferably, the network communication device based on zero trust technology further includes:
a control registration and installation module configured to acquire a security reinforcement data packet from the control center and complete registration and installation of the reinforcement control, the reinforcement control comprising at least a reinforcement shield and an MTLS authentication certificate.
Preferably, the access request response module includes:
an access request obtaining unit configured to obtain the application service access request, which is generated by the client according to a client operation and encrypted, using MTLS, by the reinforcement shield signal-connected to the back end of the client, and to determine whether to respond to it according to the service policy of the application service resources; and, if not,
an access request prohibiting unit configured to disconnect the application communication link with the client and prohibit the client from accessing the application service.
Preferably, the access request response module further includes:
an access request synchronous processing unit configured, when it obtains a plurality of application service access requests from the same client, to respond only to those that conform to the service policy of the application service resources, to search the application service resources for the application service corresponding to each responded request, to establish the application communication link, and to allow the client to access that application service.
A terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the network communication method based on the zero-trust technology when executing the computer program.
A computer-readable storage medium, which stores a computer program, which, when being executed by a processor, implements the steps of the network communication method based on the zero-trust technology as described above.
The advantages of the invention are mainly the following:
The network communication method based on zero trust technology realizes authentication, authorization and encrypted communication between client and server in TCP network communication through the deployment of the reinforcement shield and the reinforcement root. At the same time, the method uses MTLS for continuous bidirectional authentication and encryption of the information exchanged during communication, which markedly improves security during communication and ensures the security-reinforcement effect. Moreover, by applying a service-hiding mode the method greatly reduces the risk of service resource exposure. In addition, the method performs systematic authorization management of the application services behind the reinforcement root, allowing or forbidding the access requests of a given user, and so achieves fine-grained, precise control of user permissions.
Correspondingly, the network communication device, terminal and storage medium based on zero trust technology realize security reinforcement of the TCP network communication process through a systematic, standardised processing flow, provide technical support for continuous and stable network communication, offer high adaptability and compatibility with hardware, and can be practically applied in a variety of network communication scenarios.
The invention also serves as a reference for other technical solutions involving TCP network communication, can be extended and studied in depth, and has very broad application prospects.
The following detailed description of embodiments of the present invention, given with reference to the accompanying drawings, is provided to facilitate understanding of the technical solutions of the invention.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, are included to provide a further understanding of the application and to enable other features, objects, and advantages of the application to be more apparent. The drawings and their description illustrate the embodiments of the invention and do not limit it. In the drawings:
FIG. 1 is a diagram illustrating a prior art architecture for TCP network communication;
FIG. 2 is a schematic diagram of a TCP network communication architecture after the present solution is used;
FIG. 3 is a schematic flow diagram of a portion of the process of the present invention;
fig. 4 is a schematic view of the structure of the apparatus part of the present invention.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
The invention adopts zero trust as its core technology: using a deployment of a reinforcement shield and a reinforcement root, it continuously authenticates and encrypts the traffic between a client and a server that communicate over TCP; the overall communication architecture is shown in figure 2. This solves the problems of authentication, authorization and transmission encryption. In terms of the hardening effect, an attacker without a legitimate identity cannot move laterally in the data plane, because once the network policy whitelist is configured at the network layer, unauthorised network-layer access is blocked. In addition, complete authentication, authorization and communication encryption are achieved between the user and the application service, so the goal of network communication security reinforcement is finally reached. The specific scheme is as follows.
In one aspect, the invention relates to a network communication method based on zero trust technology which, as shown in fig. 3, comprises the following steps:
S1, acquiring a security reinforcement data packet from the control center and completing registration and installation of a reinforcement control, wherein the reinforcement control comprises a reinforcement shield, a reinforcement root and an MTLS authentication certificate.
The reinforcement shield is deployed at the back end of the client; the reinforcement root can be deployed in front of the server or inside the server according to actual requirements; the reinforcement shield and the reinforcement root are signal-connected; and one reinforcement root can correspond to a plurality of reinforcement shields.
S2, the reinforcement shield receives application data agent information from the control center, completes the policy configuration of the application agent data according to that information, and determines the agent policy of the application data;
and the reinforcement root receives the application service policy information from the control center, completes the policy configuration of the application service resources according to that information, and determines the service policy of the application service resources.
S3, the reinforcement root acquires the application service access request, which is generated by the client according to a client operation and encrypted by the reinforcement shield signal-connected to the back end of the client, the encryption mode being MTLS (unless otherwise specified, all encryption is performed by default), and judges according to the service policy of the application service resources whether to respond to the application service access request;
if so, it searches the application service resources for the application service corresponding to the application service access request, establishes the application communication link between client and server through the reinforcement root, and allows the client to access the application service;
if not, it disconnects the application communication link between the client and the server and forbids the client to access the application service.
It should be noted that, in this process, if a plurality of application service access requests from the same client are obtained, only those that conform to the service policy of the application service resources are responded to: the application service corresponding to each responded request is looked up in the application service resources, the application communication link is established, and the client is allowed to access that application service.
Prohibiting one access in this way neither prevents the same reinforcement shield from accessing other application services behind the reinforcement root nor prevents other reinforcement shields from accessing that application service, so fine-grained flow control at the application and user level is achieved.
In summary, the network communication method based on zero trust technology provided by the present invention realizes authentication, authorization and encrypted communication between client and server in TCP network communication through the deployment of the reinforcement shield and the reinforcement root. At the same time, the method uses MTLS for continuous bidirectional authentication and encryption of the information exchanged during communication, which markedly improves security during communication and ensures the security-reinforcement effect. Moreover, by applying a service-hiding mode the method greatly reduces the risk of service resource exposure. In addition, the method performs systematic authorization management of the application services behind the reinforcement root, allowing or forbidding the access requests of a given user, and so achieves fine-grained, precise control of user permissions.
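To make the reinforcement-root side of steps S1 to S3 concrete, the following Python sketch is an added example, not code from the patent: it turns constructed application service policy information into a service policy, requires and verifies a client certificate on the root's TLS context (MTLS), takes the client identity from the verified certificate rather than from the request payload, and judges every request on its own so that refusing one request leaves the same client's other conforming requests, and other clients' requests, unaffected. The function names, the `service -> allowed clients` policy shape and all sample values are assumptions made for this example.

```python
"""Added example: policy enforcement on the reinforcement-root side (not the patent's own code)."""
from __future__ import annotations

import ssl
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRequest:
    """One application service access request as seen by the reinforcement root."""
    request_id: int
    client_id: str   # identity from the verified client certificate, never from the payload
    service: str     # application service the client wants to reach


@dataclass
class ServicePolicy:
    """Service policy of the application service resources: service -> allowed client identities."""
    allowed: dict[str, set[str]] = field(default_factory=dict)

    def permits(self, client_id: str, service: str) -> bool:
        # An unknown service and an unknown client are both refused; nothing is disclosed either way.
        return client_id in self.allowed.get(service, set())


def configure_policy(policy_info: list[dict]) -> ServicePolicy:
    """Step S2: turn application service policy information from the control center into a ServicePolicy."""
    policy = ServicePolicy()
    for entry in policy_info:
        policy.allowed.setdefault(entry["service"], set()).update(entry["clients"])
    return policy


def root_tls_context(ca_file: str | None = None, cert_file: str | None = None,
                     key_file: str | None = None) -> ssl.SSLContext:
    """MTLS on the reinforcement root: the client certificate is required and verified against the
    MTLS authentication certificate (CA) delivered in the security reinforcement data packet (S1)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # a peer without a valid client certificate never reaches S3
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def requires_client_cert(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED


def client_identity(peercert: dict) -> str:
    """Take the client identity from the commonName of the verified peer certificate
    (the dict shape returned by SSLSocket.getpeercert())."""
    for rdn in peercert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    raise ValueError("client certificate carries no commonName")


def handle_requests(policy: ServicePolicy, requests: list[AccessRequest]) -> dict[int, str]:
    """Step S3: respond only to requests that conform to the service policy. Each request is judged
    on its own, so refusing one does not affect the same client's other conforming requests."""
    decisions: dict[int, str] = {}
    for req in requests:
        if policy.permits(req.client_id, req.service):
            decisions[req.request_id] = "allow"   # establish the application communication link
        else:
            decisions[req.request_id] = "deny"    # drop the link; the service stays hidden
    return decisions


# Constructed sample data (assumptions for this example, not values from the patent).
CONTROL_CENTER_POLICY = [
    {"service": "payroll-api", "clients": ["shield-client-01"]},
    {"service": "wiki", "clients": ["shield-client-01", "shield-client-02"]},
]
SAMPLE_PEERCERT = {"subject": ((("commonName", "shield-client-01"),),)}
SAMPLE_REQUESTS = [
    AccessRequest(1, "shield-client-01", "payroll-api"),
    AccessRequest(2, "shield-client-01", "wiki"),
    AccessRequest(3, "shield-client-01", "admin-console"),   # service not in policy: denied
    AccessRequest(4, "shield-client-02", "payroll-api"),     # client not allowed here: denied
    AccessRequest(5, "shield-client-02", "wiki"),            # unaffected by the denials above
]


def demo() -> dict[int, str]:
    policy = configure_policy(CONTROL_CENTER_POLICY)
    return handle_requests(policy, SAMPLE_REQUESTS)


if __name__ == "__main__":
    for rid, verdict in demo().items():
        print(rid, verdict)
```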
In another aspect, the present invention further relates to a network communication device based on zero trust technology, whose structure is shown in fig. 4 and which includes:
a control registration and installation module configured to acquire a security reinforcement data packet from a control center and complete registration and installation of a reinforcement control, wherein the reinforcement control comprises at least a reinforcement shield and an MTLS authentication certificate;
a service policy configuration module configured to receive application service policy information, complete policy configuration of the application service resources according to the application service policy information, and determine a service policy of the application service resources;
an access request response module configured to obtain an application service access request from a client, where the application service access request is encrypted using MTLS, and to determine whether to respond to it according to the service policy of the application service resources; and, if so,
an access operation permission module configured to search the application service resources for the application service corresponding to the application service access request, establish an application communication link with the client, and allow the client to access the application service.
In one possible implementation, the access request response module includes:
an access request obtaining unit configured to obtain the application service access request, which is generated by the client according to a client operation and encrypted, using MTLS, by the reinforcement shield signal-connected to the back end of the client, and to determine whether to respond to it according to the service policy of the application service resources; and, if not,
an access request prohibiting unit configured to disconnect the application communication link with the client and prohibit the client from accessing the application service;
and an access request synchronous processing unit configured, when it obtains a plurality of application service access requests from the same client, to respond only to those that conform to the service policy of the application service resources, to search the application service resources for the application service corresponding to each responded request, to establish the application communication link, and to allow the client to access that application service.
In yet another aspect, the present invention also relates to a terminal, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of the network communication method based on the zero trust technology as described above, for example, the steps shown in fig. 1. Alternatively, the processor, when executing the computer program, implements the functions of each module/unit in the above-described device embodiments, for example, the functions of each module/unit shown in fig. 3.
In yet another aspect, the present invention further relates to a computer-readable storage medium, which stores a computer program, and the computer program, when executed by a processor, implements the steps in the network communication method based on the zero-trust technology as described above.
The readable storage medium may be a computer storage medium or a communication medium. Communication media include any medium that facilitates transfer of a computer program from one place to another. Computer storage media can be any available media that can be accessed by a general-purpose or special-purpose computer. For example, a readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an application-specific integrated circuit (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the readable storage medium may also reside as discrete components in a communication device. The readable storage medium may be a read-only memory (ROM), a random-access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Correspondingly, the network communication device, terminal and storage medium based on zero trust technology realize security reinforcement of the TCP network communication process through a systematic, standardised processing flow, provide technical support for continuous and stable network communication, offer high adaptability and compatibility with hardware, and can be practically applied in a variety of network communication scenarios.
The invention also provides reference for other technical schemes related to TCP network communication, can be used for expanding and deeply researching, and has very wide application prospect.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Finally, it should be understood that although the present description refers to embodiments, not every embodiment contains only a single technical solution, and such description is for clarity only, and those skilled in the art should integrate the description, and the technical solutions in the embodiments can be appropriately combined to form other embodiments understood by those skilled in the art.
Claims (10)
1. A network communication method based on zero trust technology is characterized by comprising the following steps:
receiving application service policy information, completing policy configuration on application service resources according to the application service policy information, and determining a service policy of the application service resources;
acquiring an application service access request from a client, encrypting the application service access request by using MTLS, and judging whether to respond to the application service access request according to a service policy of the application service resource; if so, then
And searching the application service corresponding to the application service access request from the application service resource, establishing an application communication link with the client, and allowing the client to access the application service.
2. The network communication method according to claim 1, wherein before the receiving the application service policy information, completing policy configuration on the application service resource according to the application service policy information, and determining the service policy of the application service resource, the method further comprises:
and acquiring a security reinforcement data packet from a control center, and completing registration and installation of a reinforcement control, wherein the reinforcement control at least comprises a reinforcement shield and an MTLS authentication certificate.
3. The method according to claim 2, wherein acquiring the application service access request from the client, the application service access request being encrypted using MTLS, and judging whether to respond to the application service access request according to the service policy of the application service resources comprises:
acquiring the application service access request, wherein the application service access request is generated by the client according to a client operation and is encrypted by the reinforcement shield signal-connected to the back end of the client, the encryption mode being MTLS encryption, and judging whether to respond to the application service access request according to the service policy of the application service resources; and if not,
disconnecting the application communication link with the client and forbidding the client to access the application service.
4. The method according to claim 3, wherein acquiring the application service access request from the client, the application service access request being encrypted using MTLS, and judging whether to respond to the application service access request according to the service policy of the application service resources further comprises:
if a plurality of application service access requests from the same client are acquired, responding only to those application service access requests that satisfy the service policy of the application service resources, searching the application service resources for the application service corresponding to each responded application service access request, establishing an application communication link, and allowing the client to access the application service.
5. A network communication device based on zero trust technology, comprising:
a service policy configuration module configured to receive application service policy information, complete policy configuration of application service resources according to the application service policy information, and determine a service policy of the application service resources;
an access request response module configured to acquire an application service access request from a client, the application service access request being encrypted using MTLS, and to judge whether to respond to the application service access request according to the service policy of the application service resources; and if so,
an access operation permission module configured to search the application service resources for the application service corresponding to the application service access request, establish an application communication link with the client, and allow the client to access the application service.
6. The network communication device based on zero trust technology according to claim 5, further comprising:
a control registration and installation module configured to acquire a security reinforcement data packet from the control center and complete registration and installation of the reinforcement control, wherein the reinforcement control comprises at least a reinforcement shield and an MTLS authentication certificate.
7. The network communication device according to claim 6, wherein the access request response module comprises:
an access request acquisition unit configured to acquire the application service access request, wherein the application service access request is generated by the client according to a client operation and is encrypted by the reinforcement shield signal-connected to the back end of the client, the encryption mode being MTLS encryption, and to judge whether to respond to the application service access request according to the service policy of the application service resources; and if not,
an access request prohibition unit configured to disconnect the application communication link with the client and prohibit the client from accessing the application service.
8. The network communication device according to claim 7, wherein the access request response module further comprises:
an access request synchronous processing unit configured to, if a plurality of application service access requests from the same client are acquired, respond only to those application service access requests that satisfy the service policy of the application service resources, search the application service resources for the application service corresponding to each responded application service access request, establish an application communication link, and allow the client to access the application service.
9. A terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the network communication method based on the zero-trust technology as claimed in any one of claims 1 to 4 when executing the computer program.
10. A computer-readable storage medium, which stores a computer program, wherein the computer program, when executed by a processor, implements the steps in the network communication method based on zero-trust technology according to any one of claims 1 to 4.
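Read together, claims 1 to 4 describe one procedure for a policy enforcement point: derive a per-service policy from received policy information, accept only requests that arrive over MTLS, judge each request against the policy, open an application link when it passes and tear the link down and refuse access when it does not, and judge several requests from one client individually. The following Python model is an added example that is not part of the patent or of any product it describes. All names (ZeroTrustGateway, AccessRequest, the constructed service names and certificate subjects) are assumptions made for illustration; the mTLS handshake itself is not performed here, the client identity is taken as already verified from the certificate subject and the session is represented by a flag.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample "application service resources" (hypothetical names).
APPLICATION_SERVICES: Set[str] = {"hr-portal", "git", "wiki"}

# Constructed sample policy information, as a control centre might push it:
# (application service, client identity from its mTLS certificate, allowed action).
POLICY_INFO: List[Tuple[str, str, str]] = [
    ("hr-portal", "CN=alice-laptop", "read"),
    ("git", "CN=alice-laptop", "push"),
    ("git", "CN=bob-laptop", "pull"),
]


@dataclass(frozen=True)
class AccessRequest:
    client_id: str       # subject of the client certificate presented in the mTLS handshake
    mtls_verified: bool  # True only if the request arrived over a completed mTLS session
    service: str
    action: str


class ZeroTrustGateway:
    """Hypothetical policy enforcement point modelled on claims 1 to 4."""

    def __init__(self, application_services: Set[str]) -> None:
        self.services = set(application_services)
        self.policy: Dict[str, Set[Tuple[str, str]]] = {}  # service -> {(client_id, action)}
        self.links: Dict[str, Set[str]] = {}                # client_id -> services with an open link

    def configure_policy(self, policy_info: List[Tuple[str, str, str]]) -> Dict[str, Set[Tuple[str, str]]]:
        """Claim 1, first step: turn received policy information into the per-service policy.
        Entries naming a service that is not among the resources are ignored."""
        self.policy = {}
        for service, client_id, action in policy_info:
            if service in self.services:
                self.policy.setdefault(service, set()).add((client_id, action))
        return self.policy

    def _permitted(self, req: AccessRequest) -> bool:
        """The decision comes from the service policy alone; an open link to another
        service gives the client no implicit trust for this one."""
        return (req.client_id, req.action) in self.policy.get(req.service, set())

    def handle_request(self, req: AccessRequest) -> Tuple[str, str]:
        """Claims 1 and 3: allow and open a link, or disconnect and forbid."""
        # A request that did not come over mTLS is never weighed against the policy.
        if not req.mtls_verified or not self._permitted(req):
            # Claim 3: drop any existing link to that service and refuse access.
            self.links.get(req.client_id, set()).discard(req.service)
            return ("deny", req.service)
        # Claim 1, last step: the service exists in the resources; open the application link.
        self.links.setdefault(req.client_id, set()).add(req.service)
        return ("allow", req.service)

    def handle_requests(self, reqs: List[AccessRequest]) -> List[Tuple[str, str]]:
        """Claim 4: several requests from one client are judged one by one; only those
        satisfying the policy get a link, the others are refused individually."""
        return [self.handle_request(r) for r in reqs]

    def open_links(self, client_id: str) -> Set[str]:
        return set(self.links.get(client_id, set()))


def demo() -> List[Tuple[str, str]]:
    """Run a constructed batch of requests through the gateway and return the decisions."""
    gw = ZeroTrustGateway(APPLICATION_SERVICES)
    gw.configure_policy(POLICY_INFO)
    requests = [
        AccessRequest("CN=alice-laptop", True, "hr-portal", "read"),   # allowed by policy
        AccessRequest("CN=alice-laptop", True, "git", "push"),         # allowed by policy
        AccessRequest("CN=alice-laptop", True, "wiki", "read"),        # no rule -> denied
        AccessRequest("CN=alice-laptop", False, "hr-portal", "read"),  # not mTLS -> denied, link dropped
        AccessRequest("CN=bob-laptop", True, "git", "push"),           # bob may only pull -> denied
    ]
    return gw.handle_requests(requests)


if __name__ == "__main__":
    for decision, service in demo():
        print(f"{decision:5s} {service}")
```

The point worth noting is in handle_request: a request that fails either the transport check or the policy check does not merely go unanswered, it also removes any link the same client already holds to that service, which is the disconnect-and-forbid branch of claim 3 rather than a silent drop.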
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210019853.4A CN114531348A (en) | 2022-01-07 | 2022-01-07 | Network communication method, device, terminal and storage medium based on zero trust technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114531348A true CN114531348A (en) | 2022-05-24 |
Family
ID=81621499
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210019853.4A Pending CN114531348A (en) | 2022-01-07 | 2022-01-07 | Network communication method, device, terminal and storage medium based on zero trust technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114531348A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140122873A1 (en) * | 2012-10-31 | 2014-05-01 | Steven W. Deutsch | Cryptographic enforcement based on mutual attestation for cloud services |
US20160119342A1 (en) * | 2014-05-20 | 2016-04-28 | Box, Inc. | Systems and methods for secure resource access and network communication |
CN111490993A (en) * | 2020-04-13 | 2020-08-04 | 江苏易安联网络技术有限公司 | Application access control security system and method |
CN112100675A (en) * | 2020-11-05 | 2020-12-18 | 南京云信达科技有限公司 | Zero-trust data storage access method and system |
CN113572738A (en) * | 2021-06-29 | 2021-10-29 | 中孚安全技术有限公司 | Zero trust network architecture and construction method |
Events
2022-01-07 | CN | CN202210019853.4A patent/CN114531348A/en active Pending
Similar Documents
Publication | Title
---|---
KR100989487B1 (en) | Method for authenticating a user to a service of a service provider
US10999272B2 (en) | Authenticating and authorizing users with JWT and tokenization
US6212636B1 (en) | Method for establishing trust in a computer network via association
US5872847A (en) | Using trusted associations to establish trust in a computer network
US8683607B2 (en) | Method of web service and its apparatus
EP2442204B1 (en) | System and method for privilege delegation and control
US6530025B1 (en) | Network connection controlling method and system thereof
US20070209081A1 (en) | Methods, systems, and computer program products for providing a client device with temporary access to a service during authentication of the client device
US20130117824A1 (en) | Privacy preserving authorisation in pervasive environments
US6785729B1 (en) | System and method for authorizing a network user as entitled to access a computing node wherein authenticated certificate received from the user is mapped into the user identification and the user is presented with the opprtunity to logon to the computing node only after the verification is successful
JP2003532185A (en) | Security link management in dynamic networks
JPH09128337A (en) | Method and apparatus for protection of masquerade attack in computer network
WO2022062517A1 (en) | Authentication method and system
WO2017097101A1 (en) | Method and apparatus for account number login
US8955098B2 (en) | Establishing network security using internet protocol security policies
CN112491829B (en) | MEC platform identity authentication method and device based on 5G core network and blockchain
CN107634973B (en) | Service interface safe calling method
CN115996122A (en) | Access control method, device and system
CN116260656B (en) | Main body trusted authentication method and system in zero trust network based on blockchain
KR100819024B1 (en) | Method for authenticating user using ID/password
US20030226037A1 (en) | Authorization negotiation in multi-domain environment
CN114531348A (en) | Network communication method, device, terminal and storage medium based on zero trust technology
JP2005217679A (en) | Authentication server performing authentication of communication partner
Pashalidis et al. | Using GSM/UMTS for single sign-on
CN114024682A (en) | Cross-domain single sign-on method, service equipment and authentication equipment
Legal Events
Code | Title
---|---
PB01 | Publication
SE01 | Entry into force of request for substantive examination