CN115189973B - Method and system for software security and encryption - Google Patents

Method and system for software security and encryption Download PDF

Info

Publication number
CN115189973B
CN115189973B CN202211107098.1A CN202211107098A CN115189973B CN 115189973 B CN115189973 B CN 115189973B CN 202211107098 A CN202211107098 A CN 202211107098A CN 115189973 B CN115189973 B CN 115189973B
Authority
CN
China
Prior art keywords
interface
token
software
service request
token bucket
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211107098.1A
Other languages
Chinese (zh)
Other versions
CN115189973A (en
Inventor
罗锋
杨凯凯
蒋童
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yijian Technology Suzhou Co ltd
Original Assignee
Yijian Technology Suzhou Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yijian Technology Suzhou Co ltd filed Critical Yijian Technology Suzhou Co ltd
Priority to CN202211107098.1A priority Critical patent/CN115189973B/en
Publication of CN115189973A publication Critical patent/CN115189973A/en
Application granted granted Critical
Publication of CN115189973B publication Critical patent/CN115189973B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/215Flow control; Congestion control using token-bucket
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

By the software security and encryption method and system, additional encryption protection can be performed on data transmission of the software interface, the security and stability of the interface are improved, network attack is responded through the setting of the token bucket, and the defense capability is improved; meanwhile, by arranging the isolation module, only the server configuration service port deployed by the software needs to be developed, and the change of the environment configuration of the software on the server can be completed only by operating the isolation module, so that the parameter configuration process of the software is simplified, the operation and maintenance difficulty is reduced, the isolation of different environment configurations is realized, particularly the isolation of the authority of a common developer and the authority of an administrator, and the safety and the privacy of key system configuration parameters are improved.

Description

Method and system for software security and encryption
Technical Field
The invention relates to the field of software security, in particular to a method and a system for software security and encryption.
Background
In the current software development process, a development phase, a test phase and an online deployment phase (or a business production phase) are generally included, and different phases have different software environment configurations. Configuring a development environment in a development stage, and developing software by developers under the configuration of the development environment; in the upper deployment stage, the service production environment is configured, and the configuration data of the service production environment is often very critical private data. However, in the current software development process, the configuration of the business production environment often does not isolate developers, and the developers have the configuration data of the business production environment or can acquire the configuration data of the business production environment, which causes that the key system setting parameters of the business production environment cannot be effectively protected, thereby having potential safety hazards.
In software operation, a software interface receives an external service request, but interface parameters are usually transmitted in a plaintext manner, so that the external part can easily acquire the parameters and configuration of the interface, and potential data safety hazards are brought. Particularly, when software adopts a SaaS deployment mode, a default module of an interface of the SaaS platform analyzes a service request, and when the service request relates to a data encryption condition, the service request cannot be sent to a corresponding interface after being analyzed by the default module. Meanwhile, the existing software interface has no safety protection, and cannot defend DDoS attack, so that the software defense capability is low.
In addition, most of the existing software deployment adopts a SaaS deployment mode deployed on a cloud server, when software is deployed, ssh login is required to be adopted for deployment, and concomitantly, a gateway white list needs to be replaced irregularly; however, as the number of the service servers increases, the operation and maintenance operations of the software become very complicated, which greatly increases the workload and burden of the service servers, reduces the efficiency of the operation and maintenance, and brings risks to the normal operation of the software.
Therefore, there is a need for a security and encryption method and system for software, and more particularly, for a security and encryption method and system for software, to improve the security and operation efficiency of software.
Disclosure of Invention
In order to solve the above technical problem, the present invention provides a method for software security and encryption, comprising:
the software is provided with a token bucket, the interior of the software generates tokens at regular time and stores the tokens in the token bucket;
the token can be set for a specific interface or all interfaces, the service request needs to apply for the token from the token bucket before being received by the interfaces, and the corresponding interface can be called after the service request is added with the token;
wherein a token is removed from the token bucket after the token is requested from the token bucket by a service request; and when no token exists in the token bucket, the service request is limited to be sent to the corresponding interface.
Further, the token bucket is a distributed token bucket implemented based on redis, and the script of the token bucket adopts lua language.
Further, the method also includes:
before or after the service request obtains the token, the service request is sent to a request parameter analyzer, and the service request comprises first data and second data;
the request parameter resolver maps first data in the service request into a first data packet;
the request parameter analyzer can obtain a designated interface of software corresponding to the service request according to second data in the service request, the request parameter analyzer obtains parameters of the designated interface, and when the designated interface is judged to have encryption setting, the request parameter analyzer encrypts or decrypts the first data packet according to the obtained parameters of the designated interface and sends the encrypted or decrypted data to the designated interface.
Further, the first data is form data, data in a json packet or parameters in a url.
Further, the request parameter parser judges whether the specified interface has encryption setting through the annotation or the global configuration parameter of the specified interface.
Further, when the encryption setting exists in the specified interface, the specified interface adopts a DES encryption and decryption algorithm.
Further, the method further comprises: the method comprises the steps that the environment configuration of software is changed through an isolation module, the isolation module is provided with a permission management system, a production environment configuration file of the software is issued through the isolation module, and therefore the environment configuration in the software is changed.
In addition, the invention provides a system for software security and encryption, which comprises an interface module and a token bucket; the token bucket stores tokens, the software internally generates the tokens at regular time and stores the tokens into the token bucket; the token can be set for a preset interface or all interfaces, the service request needs to apply for the token from the token bucket before being received by the interface module, and the corresponding interface can be called after the service request is added with the token; wherein a token is removed from the token bucket after the token is requested from the token bucket by a service request; when no token exists in the token bucket, the service request is limited to be sent to the corresponding interface; preferably, the token bucket is a distributed token bucket implemented based on redis, and the script of the token bucket adopts lua language.
The system further comprises a request parameter analyzer, the request parameter analyzer is used for receiving the service request before the token is obtained or the service request after the token is obtained, the request parameter analyzer can obtain the appointed interface of the software corresponding to the service request according to the service request, the request parameter analyzer obtains the parameters of the appointed interface, and when the appointed interface is judged to have encryption setting, the request parameter analyzer decrypts the data of the service request according to the obtained parameters of the appointed interface and sends the decrypted data to the appointed interface; preferably, the request parameter parser judges whether the specified interface has encryption setting through the annotation or global configuration parameter of the specified interface; preferably, when the encryption setting exists in the specified interface, the specified interface adopts a DES encryption decryption algorithm.
The system further comprises an isolation module, the isolation module is in data communication with the server deployed by the software, the isolation module is provided with a permission management system, and the environment configuration of the software can be changed through the isolation module.
The implementation of the invention has the following beneficial effects: by the method and the system for software security and encryption, additional encryption protection can be performed on data transmission of a software interface, the security and the stability of the interface are improved, network attack is responded through the setting of the token bucket, and the defense capability is improved; meanwhile, by arranging the isolation module, only the server configuration service port deployed by the software needs to be developed, and the change of the environment configuration of the software on the server can be completed only by operating the isolation module, so that the parameter configuration process of the software is simplified, the operation and maintenance difficulty is reduced, the isolation of different environment configurations is realized, particularly the isolation of the authority of a common developer and the authority of an administrator, and the safety and the privacy of key system configuration parameters are improved.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a system architecture diagram for software security and encryption of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without any inventive step, are within the scope of the present invention.
In the software in the prior art, when SaaS deployment is adopted, that is, when the software is deployed on a cloud server, a default parameter parser already exists in a spring framework in an interface of a SaaS platform to parse a service request, and in such a manner, transmission of interface data is usually performed by plaintext transmission, which makes the security of the interface low. When there are some sensitive data in the service request, the sensitive data are usually encrypted in the service request, and when the encrypted service request is subjected to default parsing by the default parameter parser, the data of the service request cannot be sent to the corresponding interface, so that the service request cannot be responded, and meanwhile, the interface is also blocked.
Accordingly, the present invention provides a method for software security and encryption, as shown in fig. 1, including:
the software is provided with a token bucket, the interior of the software generates tokens at regular time and stores the tokens in the token bucket; the frequency of generating tokens can adopt a fixed frequency, and can also be automatically adjusted according to the current operating condition of the software, and particularly when the software is in a high-peak access request, the frequency of generating tokens can be correspondingly adjusted according to the capacity of the software or the capacity of a server so as to efficiently process a service request. The token bucket is a distributed token bucket realized based on redis, and the algorithm of the token bucket is optimized, so that the operation of adding tokens is not required to be carried out by an additional program, and the token bucket has the advantage of high pressure bearing capacity. In particular, the script of the token bucket employs the lua language. The purpose of setting the token bucket and requesting the token is to control the number of service requests received by the software interface in such a way, which can make the attack such as DDoS be well dealt with, and greatly improve the stability and defensive ability of the interface. Additionally, the total number of tokens in the token bucket can also be controlled and adjusted to adjust the total number of received service requests.
Furthermore, the issuing mode of the token can be specially controlled, and an offensive access request can be identified, or a special IP address can be identified, or an important request can be identified, so that unreal access requests can be filtered out, and the token can be issued only for important and real access requests. A white list or black list may be additionally set, in which requests, addresses or objects allowing access are stored, which are high priority requests, addresses or objects; the blacklist stores requests, addresses or objects for which access is prohibited. Moreover, the white list or the black list can be edited.
In particular, the token can be set for a specific interface or all interfaces, and fig. 1 shows that the token is only used for a specific interface 1, thereby providing that the service request needs to be applied for the token from the token bucket before being received by the interface 1, and the service request can call the corresponding interface 1 after the token is added, so that the service request received by the interface 1 can be controlled, and not only can the peak request of the service be compatible, but also the interface 1 can be protected, and the interface 1 can be prevented from being paralyzed due to the high-frequency request.
When a token is requested by a service request and applied from a token bucket, the token is eliminated from the token bucket, and a new token is added; however, if the software is attacked by DDos, the total number of tokens in the token bucket may be set, or the state of token issuance may be limited, to limit the service request to be sent to the corresponding interface 1, thereby reducing the number of DDos requests received by the interface and ensuring the stability of the interface.
In order to solve the encryption problem of interface transmission, as shown in fig. 1, the method further includes:
the service request is sent to the custom request parameter parser either before the token is obtained (shown in solid lines in FIG. 1) or after the token is obtained (shown in dashed lines in FIG. 1). The request parameter analyzer can be added into software through a Software Development Kit (SDK) in a software development stage, and can analyze a service request to acquire a request content type and corresponding data of the service request; the method can be used for communicating with an interface of software to obtain configuration information of the interface, particularly whether the interface has encryption setting or not and whether a DES symmetric encryption algorithm is used or not, and based on the obtained information of the interface, a service request is encrypted or decrypted by using a corresponding encryption and decryption algorithm, so that the service request transmitted to the interface conforms to the encryption format or the decryption format of the interface, and therefore, the interface transmission is performed in an encryption mode.
Specifically, the service request may include, for example, first data and second data, where the first data may be form data, data in a json packet, or a parameter in a url, that is, data representing a specific parameter; the second data may be data representing the type of service request, data representing a category of content. The request parameter resolver can map first data in the service request into a first data packet; the request parameter parser may obtain the designated interface of the software corresponding to the service request according to the second data in the service request, that is, it is assumed here that different interfaces of the software are used to receive service requests of different types of request content, for example, some interfaces are used to receive requests of query types, and some interfaces are used to receive requests of changing data and configuration.
And then, communicating with the appointed interface by a request parameter parser to obtain parameters of the appointed interface and parse the received parameters of the appointed interface, wherein when the appointed interface is judged to have encryption setting, particularly, the request parameter parser judges whether the appointed interface has encryption setting through annotation or global configuration parameters of the appointed interface, and the request parameter parser encrypts or decrypts the first data packet according to the obtained parameters of the appointed interface, particularly, an encryption and decryption algorithm corresponding to the appointed interface, particularly, a DES symmetric encryption and decryption algorithm is adopted, and the decrypted data is sent to the appointed interface. Therefore, the safety of interface transmission can be ensured.
Further, as shown in fig. 1, the security and encryption method for software according to the present invention further includes:
the software is provided with an isolation module which is used as a relay part or a middle part and is connected between the operation and maintenance deployment and the server of the software deployment; when software is deployed to a server (an entity server or a cloud server), changes can only be made to the environment configuration of the software through the isolation module.
The isolation module can be a bastion machine, and the bastion machine is used for collecting and monitoring the system state, security events and network activities of each component in the network environment in real time by various technical means in order to ensure that the network and the data are not invaded and damaged by external and internal users under a specific network environment, so as to intensively alarm, timely process and audit the responsibility determination equipment.
And the isolation module is a module with a right management system, and can set corresponding rights for specific personnel, so that only authorized personnel are allowed to use the isolation module to change the configuration data of the software, and personnel without rights cannot access, acquire and change the environment configuration data of the software at all. Therefore, after the software is deployed, only part of administrators can be permitted to maintain the operation of the software, and other developers in the development phase are isolated, so that the safety of key data of the software in the operation phase is guaranteed. Therefore, as the environment configuration parameters of the software at different stages are different, after the software enters a deployment stage, particularly is deployed to a cloud server in a SaaS deployment mode, the sensitive and private configuration information at a service production stage can be isolated and kept secret relative to personnel at a development stage.
Moreover, when the isolation module changes the environment configuration of the software, particularly the software version is updated, the new configuration data can be overlaid on the old configuration data, so that operation and maintenance personnel can send the production environment configuration file to a server of the software only by updating the configuration of the isolation module, the old configuration data is overlaid by the new configuration data, and the software is updated and iterated. Therefore, the safety of the service data is improved, the code structure is simplified, parameter comparison is not needed in the issuing process, and the issuing cost is reduced.
In addition, the present invention provides a system for software security and encryption, as shown in fig. 1, the system includes an interface module and a token bucket; the token bucket stores tokens, the software internally generates the tokens at regular time and stores the tokens into the token bucket; the token can be set for a preset interface or all interfaces, the service request needs to apply for the token from the token bucket before being received by the interface module, and the corresponding interface can be called after the service request is added with the token; wherein a token is removed from the token bucket after the token is requested from the token bucket by a service request; when no token exists in the token bucket, the service request is limited to be sent to a corresponding interface; preferably, the token bucket is a distributed token bucket implemented based on redis, and the script of the token bucket adopts lua language.
The system further comprises a request parameter analyzer, wherein the request parameter analyzer is used for receiving a service request before the token is acquired or a service request after the token is acquired, the request parameter analyzer can obtain a specified interface of software corresponding to the service request according to the service request, the request parameter analyzer acquires parameters of the specified interface, and when the specified interface is judged to have encryption setting, the request parameter analyzer decrypts data of the service request according to the acquired parameters of the specified interface and sends the decrypted data to the specified interface; preferably, the request parameter parser judges whether the specified interface has encryption setting through the annotation or the global configuration parameter of the specified interface; preferably, when the encryption setting exists in the designated interface, the designated interface adopts a DES encryption and decryption algorithm.
The system further comprises an isolation module, the isolation module is in data communication with the server deployed by the software, the isolation module is provided with a permission management system, and the environment configuration of the software can be changed through the isolation module.
The implementation of the invention has the following beneficial effects: by the security and encryption method and system for software, the data transmission of the software interface can be subjected to additional encryption protection, the security and stability of the interface are improved, network attack is responded through the setting of the token bucket, and the defense capability is improved; meanwhile, by arranging the isolation module, only the development of a server configuration service port deployed by software is needed, and the change of the environment configuration of the software on the server can be completed only by operating the isolation module, so that the parameter configuration process of the software is simplified, the operation and maintenance difficulty is reduced, the isolation of different environment configurations is realized, particularly the isolation of the authority of common developers from the authority of administrators is realized, and the safety and the privacy of key system configuration parameters are improved.
While the invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not to be limited to the disclosed embodiment, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (8)

1. A security and encryption method for software, comprising:
the software is provided with a token bucket, the interior of the software generates tokens at regular time and stores the tokens in the token bucket;
the token can be set for a specific interface or all interfaces, the service request needs to apply for the token from the token bucket before being received by the interfaces, and the corresponding interface can be called after the service request is added with the token;
wherein a token is removed from the token bucket after the token is applied from the token bucket by a service request; when no token exists in the token bucket, the service request is limited to be sent to a corresponding interface;
before or after the service request obtains the token, the service request is sent to a request parameter analyzer and comprises first data and second data;
the request parameter resolver maps first data in the service request into a first data packet;
the request parameter analyzer can obtain a designated interface of software corresponding to the service request according to second data in the service request, acquire parameters of the designated interface, and when the designated interface is judged to have encryption setting, encrypt or decrypt the first data packet according to the acquired parameters of the designated interface and send the encrypted or decrypted data to the designated interface.
2. The method of claim 1, wherein the token bucket is a distributed token bucket implemented based on redis, and wherein scripts of the token bucket are in lua language.
3. The method of claim 2, wherein the first data is form data, data in a json package, or a parameter in a url.
4. The method of claim 2, wherein the request parameter parser determines whether the specified interface has encryption settings through a comment or a global configuration parameter of the specified interface.
5. The method of claim 2, wherein the designated interface employs a DES encryption decryption algorithm when the encryption setting exists for the designated interface.
6. The method according to any one of claims 1 to 5, characterized in that the method further comprises: the method comprises the steps that the environment configuration of software is changed through an isolation module, the isolation module is provided with a permission management system, a production environment configuration file of the software is issued through the isolation module, and therefore the environment configuration in the software is changed.
7. A security and encryption system for software, the system comprising an interface module and a token bucket; the token bucket stores tokens, the software internally generates the tokens at regular time and stores the tokens into the token bucket; the token can be set for a specific interface or all interfaces, the service request needs to apply for the token from the token bucket before being received by the interface module, and the corresponding interface can be called after the service request is added with the token; wherein a token is removed from the token bucket after the token is requested from the token bucket by a service request; when no token exists in the token bucket, the service request is limited to be sent to a corresponding interface; the token bucket is a distributed token bucket realized based on redis, and a script of the token bucket adopts lua language; the system also comprises a request parameter analyzer, wherein the request parameter analyzer is used for receiving a service request before the token is acquired or a service request after the token is acquired, the request parameter analyzer can obtain a specified interface of software corresponding to the service request according to the service request, the request parameter analyzer acquires parameters of the specified interface, and when the specified interface is judged to have encryption setting, the request parameter analyzer decrypts data of the service request according to the acquired parameters of the specified interface and sends the decrypted data to the specified interface; the request parameter parser judges whether the appointed interface has encryption setting or not through the annotation or the global configuration parameter of the appointed interface; when the encryption setting exists in the designated interface, the designated interface adopts a DES encryption and decryption algorithm.
8. The system of claim 7, further comprising an isolation module in data communication with the server on which the software is deployed, the isolation module being configured with a rights management system that enables changes to the environment configuration of the software via the isolation module.
CN202211107098.1A 2022-09-13 2022-09-13 Method and system for software security and encryption Active CN115189973B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211107098.1A CN115189973B (en) 2022-09-13 2022-09-13 Method and system for software security and encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211107098.1A CN115189973B (en) 2022-09-13 2022-09-13 Method and system for software security and encryption

Publications (2)

Publication Number Publication Date
CN115189973A CN115189973A (en) 2022-10-14
CN115189973B true CN115189973B (en) 2022-11-25

Family

ID=83524349

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211107098.1A Active CN115189973B (en) 2022-09-13 2022-09-13 Method and system for software security and encryption

Country Status (1)

Country Link
CN (1) CN115189973B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111614570A (en) * 2020-04-20 2020-09-01 北京邮电大学 Flow control system and method for service grid
CN114615203A (en) * 2022-01-30 2022-06-10 阿里云计算有限公司 Access control method, device, storage medium and processor

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147429B (en) * 2018-11-06 2022-10-04 上海仪电(集团)有限公司中央研究院 Project research and development environment deployment system
CN109815385A (en) * 2019-01-31 2019-05-28 无锡火球普惠信息科技有限公司 Crawler and crawling method based on APP client
CN113765818A (en) * 2020-06-28 2021-12-07 北京沃东天骏信息技术有限公司 Distributed current limiting method, device, equipment, storage medium and system
CN114143265A (en) * 2021-11-26 2022-03-04 杭州安恒信息技术股份有限公司 Network flow current limiting method, device, equipment and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111614570A (en) * 2020-04-20 2020-09-01 北京邮电大学 Flow control system and method for service grid
CN114615203A (en) * 2022-01-30 2022-06-10 阿里云计算有限公司 Access control method, device, storage medium and processor

Also Published As

Publication number Publication date
CN115189973A (en) 2022-10-14

Similar Documents

Publication Publication Date Title
US9043897B2 (en) Payment card industry (PCI) compliant architecture and associated methodology of managing a service infrastructure
KR102136039B1 (en) Security in software defined network
CN105027493B (en) Safety moving application connection bus
JP2002175010A (en) Home page falsification preventing system
CN113704767A (en) Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system
US20140137230A1 (en) Provisioning proxy for provisioning data on hardware resources
CN107342963A (en) A kind of secure virtual machine control method, system and the network equipment
CN109977644A (en) Right management method is classified under a kind of Android platform
Rosborough et al. All about eve: comparing DNP3 secure authentication with standard security technologies for SCADA communications
CN115189973B (en) Method and system for software security and encryption
KR20130085473A (en) Encryption system for intrusion detection system of cloud computing service
KR102184114B1 (en) Method and apparatus for providing network security service
CN109587134B (en) Method, apparatus, device and medium for secure authentication of interface bus
CN116633725A (en) All-channel access gateway
US11770363B2 (en) Systems and methods for secure access smart hub for cyber-physical systems
CN108347411B (en) Unified security guarantee method, firewall system, equipment and storage medium
KR102284183B1 (en) Access control system and method using SQL tool based on web
KR101992985B1 (en) An access control system of controlling hard-coded passwords and commands for enhancing security of the servers
KR20020083551A (en) Development and Operation Method of Multiagent Based Multipass User Authentication Systems
Urias et al. On the feasibility of generating deception environments for industrial control systems
Rocha Cybersecurity analysis of a SCADA system under current standards, client requisites, and penetration testing
Snow et al. Simple authentication
KR20090040655A (en) System and method for enterprise signature management and distribution for network attacks
CN116781359B (en) Portal security design method using network isolation and cryptograph
Neal et al. Securing Systems after Deployment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant