CN115208674A - Decentralized global current limiting method and system - Google Patents

Decentralized global current limiting method and system Download PDF

Info

Publication number
CN115208674A
CN115208674A CN202210840309.6A CN202210840309A CN115208674A CN 115208674 A CN115208674 A CN 115208674A CN 202210840309 A CN202210840309 A CN 202210840309A CN 115208674 A CN115208674 A CN 115208674A
Authority
CN
China
Prior art keywords
current limiting
information
access
client
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210840309.6A
Other languages
Chinese (zh)
Inventor
孔祥文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Digital China Financial Software Co ltd
Original Assignee
Digital China Financial Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Digital China Financial Software Co ltd filed Critical Digital China Financial Software Co ltd
Priority to CN202210840309.6A priority Critical patent/CN115208674A/en
Publication of CN115208674A publication Critical patent/CN115208674A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/12Avoiding congestion; Recovering from congestion
    • H04L47/125Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/215Flow control; Congestion control using token-bucket
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Abstract

The invention provides a decentralized global current limiting method and a decentralized global current limiting system, wherein the method comprises the following steps: acquiring a business service instance; configuring a global current limiting rule and a current limiting private key for the business service instance, and starting the business service instance; a client carries a user certificate to access an authentication service instance to obtain an authentication token; the client carries an authentication token to access a business service instance, the business service instance forwards the request to an authentication service, the authentication service judges whether the authentication token is valid, if the authentication token is invalid, the business access fails, if the authentication token is valid, whether the client is in a set current limiting rule is judged, and if the authentication token is not in line with the current limiting rule, the access directly passes; if the current limiting rule is met, the business service instance generates a flow information block according to the current limiting rule; and after the business service acquires the flow information block, confirming whether the flow information block is tampered. The global current limiting rule does not need a separate global current limiting service any more, and the use efficiency of the system is improved.

Description

Decentralized global current limiting method and system
Technical Field
The invention relates to the field of current limiting, in particular to a decentralized global current limiting method and system.
Background
The traditional global current limiting architecture independently uses an additional current limiting service, the current limiting service is based on a token bucket algorithm, after a user accesses the business service, the business service removes the current limiting service to obtain a token, if the current limiting service can be obtained, the user is allowed to access the business service, and if the current limiting service can not be obtained, the access frequency of the corresponding business service reaches the maximum limit, and the user access is intercepted.
This approach has two disadvantages, one is that additional current limiting services need to be initiated, resulting in a waste of IT resources. Secondly, when the current limiting is needed and the service services are many, the load of the current limiting service is very high, which causes the current limiting service itself to become a system bottleneck and affects the stability of the whole system.
Disclosure of Invention
In view of the above, the present invention has been developed to provide a decentralized global current limiting method and system that overcome or at least partially solve the above-mentioned problems.
According to an aspect of the present invention, there is provided a decentralized global current limiting method comprising:
acquiring a business service instance;
the business service instance is configured with a global current limiting rule and a current limiting private key, and the business service instance is started;
a client carries a user certificate to access an authentication service instance to obtain an authentication token;
the client carries an authentication token to access a business service instance, the business service instance forwards the request to an authentication service, the authentication service judges whether the authentication token is valid, if the authentication token is invalid, the business access fails, if the authentication token is valid, whether the client is in a set current limiting rule is judged, and if the authentication token is not in line with the current limiting rule, the access directly passes;
if the current limiting rule is met, the business service instance generates a flow information block according to the current limiting rule;
after receiving the current limiting information, the client adjusts the access frequency according to the current residual access frequency, so as to ensure that the access does not trigger a current limiting threshold value, thereby causing access failure;
and after the business service acquires the flow information block, confirming whether the flow information block is tampered.
Optionally, the configuration mode specifically includes: through configuration files and configuration centers.
Optionally, the client carries a user credential to access the authentication service instance, and obtaining the authentication token specifically includes:
and the authentication service judges whether the user certificate is valid or not, if the user certificate is invalid, the access is failed, and if the user certificate is valid, the authentication token is issued to the client.
Optionally, the traffic information block specifically includes:
limiting the original information, comprising: the method comprises the following steps of (1) limiting a current rule ID, a client ID, a business service name, a current limiting time window, a window starting time and a residual frequency;
the current limiting rule ID comprises a current limiting rule identifier corresponding to the client, and the ID of each current limiting rule is unique;
the client ID comprises a unique client identifier, and an access instance of the client is uniquely confirmed according to the unique client identifier;
the business service name records the service name under the effect of the current limiting rule;
the current limiting time window is a current limiting time range;
the window starting time is the current limiting effective time;
the residual times are the residual access times of the client under the corresponding current limiting rule;
acquiring a current limiting information encryption hash value;
and the current-limiting public key is matched with the current-limiting private key to complete the encryption and decryption of the RSA asymmetric encryption.
Optionally, the obtaining the current-limiting information encrypted hash value specifically includes:
the method comprises the steps that (1) a current limiting information encryption hash value = RSA _ Enc (a current limiting private key, a current limiting information original hash value), wherein RSA represents an asymmetric encryption algorithm, and the current limiting private key is current limiting information configured for service;
the current limiting information original hash value generation rule is as follows:
the stream restriction information raw hash value = SHA256 (stream restriction raw information), where SHA256 represents the SHA256 digest algorithm.
Optionally, after the generating the traffic information block according to the current limiting rule, the service instance further includes:
acquiring a first original abstract, including SHA256 (current limiting original information), representing abstract generation of the current limiting original information;
acquiring a second original abstract: RSA _ Dec (current limit public key, current limit information encrypted hash value), which represents that the current limit information encrypted hash value is RSA decrypted, and the decrypted value is an original information digest generated at the service end;
if the first original abstract and the second original abstract are not equal, the flow information block is considered to be tampered, and the access is invalid; if the flow information blocks are equal, the flow information blocks are considered to be real and effective;
and the business service updates the flow information block according to the original current-limiting information and the current time, and the updated flow information is issued to the client by generating new flow information.
Optionally, the current limiting method further includes: if the traffic information block information is the same traffic information block information, the traffic information block information is sent to the same service instance, the service instance judges whether the traffic information block information is used, if the traffic information block information is used, the repeated traffic information block information is covered, and secondary consumption of the traffic information block is avoided on the basis of the latest traffic information stored by the server.
Optionally, the current limiting method further includes:
if the flow of the malicious client enters and the flow information block is repeatedly used, the business service instance can be detected in real time, if the flow is found to be malicious access, the access of the client is immediately returned to fail, and the access of the client to the business service is temporarily brought into a blacklist.
The invention also provides a decentralized global current limiting system, which applies the decentralized global current limiting method, and the current limiting system comprises: the system comprises a client module, a service module, a load balancing module, a time synchronization module and an authentication service module;
the client module is used for sending an access request to the business service, when the maximum current limiting times are not reached, the service is normally accessed, and when the maximum current limiting times are exceeded, the request returns an exception;
the service module is used for maintaining the current limiting information, updating the current limiting information in time according to the user access condition and ensuring the normal current limiting function of the service;
the load balancing module is used for polling the client access service to each service instance module so as to avoid the service from being centralized in one service instance access;
the time synchronization module is used for ensuring that the time of each business service instance is consistent, and the consistent time is used for ensuring that the generation and destruction of the flow token of each business service instance are synchronous after decentralization;
the authentication service module is used for determining that the access of each client is authenticated, and preventing illegal requests from reaching the service.
The invention provides a decentralized global current limiting method and system, wherein the method comprises the following steps: acquiring a business service instance; configuring a global current limiting rule and a current limiting private key for the business service instance, and starting the business service instance; a client carries a user certificate to access an authentication service instance to obtain an authentication token; the client carries an authentication token to access a business service instance, the business service instance forwards the request to an authentication service, the authentication service judges whether the authentication token is valid, if the authentication token is invalid, the business access fails, if the authentication token is valid, whether the client is in a set current limiting rule is judged, and if the authentication token is not in line with the current limiting rule, the access directly passes; if the current limiting rule is met, the business service instance generates a flow information block according to the current limiting rule; after receiving the current limiting information, the client adjusts the access frequency according to the current residual access frequency, and ensures that the access does not trigger a current limiting threshold value, thereby causing access failure; and after the business service acquires the flow information block, confirming whether the flow information block is tampered. The global current limiting rule does not need a separate global current limiting service any more, and the use efficiency of the system is improved. And the current limiting rule is prevented from being maliciously tampered by introducing an encryption algorithm and a digest algorithm.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a decentralized global current limiting method according to an embodiment of the present invention;
fig. 2 is a block diagram of a decentralized global current limiting system according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The terms "comprises" and "comprising," and any variations thereof, in the described embodiments of the invention and in the claims and drawings, are intended to cover a non-exclusive inclusion, such as, for example, a list of steps or elements.
The technical solution of the present invention is further described in detail with reference to the accompanying drawings and embodiments.
A decentralized global current limiting method comprises the following steps:
and all the business service instances are configured with global current limiting rules and current limiting private keys, and all the business service instances are started. The configuration mode is through a configuration file or a configuration center.
The client carries the user certificate to access the authentication service instance, an authentication token is obtained, the authentication service judges whether the certificate is valid or not, if the certificate is invalid, the access fails, and if the certificate is valid, the authentication token is issued to the client
The client carries the authentication token to access the service instance, the service instance forwards the request to the authentication service, the authentication service judges whether the authentication token is valid, if the authentication token is invalid, the service access fails, if the authentication token is valid, whether the client is in the set current limiting rule is judged, and if the authentication token is not in line with the current limiting rule, the access is directly passed.
If the client conforms to the flow limiting rule, the business service instance generates a flow information block according to the conforming rule. The block contains the following information:
the original information of the current limiting comprises a current limiting rule ID, a client ID, a business service name, a current limiting time window, a window starting time and a residual frequency, wherein:
the current limiting rule ID contains a current limiting rule identifier corresponding to the client, and the ID of each current limiting rule is unique.
The client ID contains a client unique identifier by which the client access instance can be uniquely confirmed.
The business service name records the service name under the current limiting rule.
The current limit time window represents a current limit time range, such as 300 visits per minute, and the current limit time window is 1 minute.
The window start time represents the time when the current limit is effective, such as 15 hours, 26 minutes and 30 seconds.
The remaining number of times indicates how many times the client has left access under the current limiting rule. When the number of return times is 0, all accesses fail, but the block information is always carried.
The current limiting information encryption hash value is obtained in the following mode:
the current limiting information encryption hash value = RSA _ Enc (current limiting private key, current limiting information original hash value), where RSA represents an asymmetric encryption algorithm, and the current limiting private key is the current limiting information of the traffic service configuration. The current limiting information original hash value generation rule is as follows:
stream limitation information raw hash value = SHA256 (stream limitation raw information), where SHA256 represents the SHA256 digest algorithm. The original information of the stream limit, i.e. the information contained in 4.1.
The current-limiting public key is matched with the current-limiting private key to complete encryption and decryption of RSA asymmetric encryption.
The current limiting information is synchronized between the client and the server through the current limiting original information, the current limiting information cannot be tampered through the current limiting information encryption hash value and the current limiting public key, the current limiting information is guaranteed to be real and effective, and malicious users are prevented from maliciously tampering the current limiting information, so that the current limiting rule is invalid.
After receiving the current limiting information, the client can adjust the access frequency according to the current remaining access times, so as to ensure that the access does not trigger the current limiting threshold value, thereby resulting in access failure.
The updating method of the flow information block comprises the following steps: after obtaining the traffic information block of the client, the service firstly confirms whether the block information is tampered, and the confirming method comprises the following steps:
first original digest: SHA256 (stream limiting original information). Representing the summary generation of the current limiting original information.
Second original digest: RSA _ Dec (current limit public key, current limit information encryption hash). And the representative performs RSA decryption on the current limiting information encryption hash value, wherein the decrypted value is the original information digest generated at the service end.
And if the first original abstract and the second original abstract are not equal, the flow information block is considered to be tampered, and the access is invalid. And if the traffic information blocks are equal, the traffic information blocks are considered to be real and effective. And the business service updates the flow information block according to the current limiting original information and the current time. The updated traffic information is then used to generate new traffic information by the method 4 and is sent to the client.
And if the same flow information block information exists, the information is sent to the same business service instance, the business service instance can judge whether the flow information block information is used, if the same flow information block information exists, the repeated flow information block information is covered, and the latest flow information stored by the server is taken as the standard. Thereby avoiding secondary consumption of the traffic information block.
In the malicious traffic punishment method, if the traffic of a malicious client enters and the traffic information block is reused, a service instance can be detected in real time, if the traffic is found to be malicious access, the access of the client is immediately returned to fail, and the access of the client to the service is temporarily brought into a blacklist. The malicious traffic definition and the time of access prohibition can be configured by a user.
As shown in fig. 2, a decentralized global current limiting system includes a client module, a service module, a load balancing module, a time synchronization module, and an authentication service module.
The client module is responsible for sending an access request to the service, when the maximum current limiting times is not reached, the service is normally accessed, and when the maximum current limiting times is exceeded, the request returns an exception.
The service module is responsible for maintaining the current limiting information, and updating the current limiting information in time according to the user access condition, so as to ensure the normal current limiting function of the service.
The load balancing module is responsible for polling the client access service to each service instance module, so that the service is prevented from being centralized in one service instance access.
The time synchronization module is responsible for the consistent time of each business service instance, and the consistent time is used for ensuring that the generation and destruction of the flow token of each business service instance are synchronous after the decentralization.
The authentication service module is used for determining that each client access is authenticated, and preventing illegal requests from reaching the service.
Has the beneficial effects that: global current limiting decentralized: the global current limiting rule does not need a separate global current limiting service any more, and the use efficiency of the system is improved.
Current limiting rule tamper-proofing: and the current limiting rule is prevented from being maliciously tampered by introducing an encryption algorithm and a digest algorithm.
The real-time performance is high: through time synchronization, each service instance can synchronize the generation of the service instance token, thereby avoiding the centralized generation of the token and improving the real-time performance of the system.
High concurrency support: all links of the system consider performance bottlenecks possibly generated in practical application, and the current limiting rule of the system is a decentralized design. The validation and judgment of the current limiting rule is carried out at each service instance of the whole system. High concurrency of the system is ensured, and dependence on a single-point system is reduced.
The above embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, it should be understood that the above embodiments are merely exemplary embodiments of the present invention and are not intended to limit the scope of the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (9)

1. A decentralized global current limiting method, wherein the current limiting method comprises:
acquiring a business service instance;
the business service instance is configured with a global current limiting rule and a current limiting private key, and the business service instance is started;
a client carries a user certificate to access an authentication service instance to obtain an authentication token;
the client carries an authentication token to access a business service instance, the business service instance forwards the request to an authentication service, the authentication service judges whether the authentication token is valid, if the authentication token is invalid, the business access fails, if the authentication token is valid, whether the client is in a set current limiting rule is judged, and if the authentication token is not in line with the current limiting rule, the access directly passes;
if the current limiting rule is met, the business service instance generates a flow information block according to the current limiting rule;
after receiving the current limiting information, the client adjusts the access frequency according to the current residual access frequency, so as to ensure that the access does not trigger a current limiting threshold value, thereby causing access failure;
and after the business service acquires the flow information block, confirming whether the flow information block is tampered.
2. The decentralized global current limiting method according to claim 1, wherein the configuration manner specifically includes: through configuration files and configuration centers.
3. The decentralized global current limiting method according to claim 1, wherein the client accesses the authentication service instance with the user credential, and the obtaining of the authentication token specifically comprises:
and the authentication service judges whether the user certificate is valid or not, if the user certificate is invalid, the access is failed, and if the user certificate is valid, the authentication token is issued to the client.
4. The decentralized global current limit method according to claim 1, wherein the traffic information block specifically comprises:
limiting the original information, comprising: the method comprises the steps of a current limiting rule ID, a client ID, a business service name, a current limiting time window, a window starting time and residual times;
the current limiting rule ID comprises a current limiting rule identifier corresponding to the client, and the ID of each current limiting rule is unique;
the client ID comprises a unique client identifier, and an access instance of the client is uniquely confirmed according to the unique client identifier;
the business service name records the service name under the effect of the current limiting rule;
the current limiting time window is a current limiting time range;
the window starting time is the current limiting effective time;
the residual times are the residual access times of the client under the corresponding current limiting rule;
acquiring a current limiting information encryption hash value;
and the current-limiting public key is matched with the current-limiting private key to complete the encryption and decryption of the RSA asymmetric encryption.
5. The decentralized global current limiting method according to claim 4, wherein the obtaining of the current limiting information encrypted hash value specifically includes:
the method comprises the steps that (1) a current limiting information encryption hash value = RSA _ Enc (a current limiting private key, a current limiting information original hash value), wherein RSA represents an asymmetric encryption algorithm, and the current limiting private key is current limiting information configured for service;
the current limiting information original hash value generation rule is as follows:
the stream restriction information raw hash value = SHA256 (stream restriction raw information), where SHA256 represents the SHA256 digest algorithm.
6. The decentralized global current limiting method according to claim 1, wherein the service instance further comprises, after generating the traffic information block according to the current limiting rule:
acquiring a first original abstract, including SHA256 (current limiting original information), representing abstract generation of the current limiting original information;
acquiring a second original abstract: RSA _ Dec (current limit public key, current limit information encrypted hash value), which represents that the current limit information encrypted hash value is RSA decrypted, and the decrypted value is an original information digest generated at the service end;
if the first original abstract and the second original abstract are not equal, the flow information block is considered to be tampered, and the access is invalid; if the flow information blocks are equal, the flow information blocks are real and effective;
and the business service updates the flow information block according to the original current-limiting information and the current time, and the updated flow information is issued to the client by generating new flow information.
7. The decentralized global current limiting method according to claim 1, wherein said current limiting method further comprises: if the traffic information block information is the same traffic information block information, the traffic information block information is sent to the same service instance, the service instance judges whether the traffic information block information is used, if the traffic information block information is used, the repeated traffic information block information is covered, and secondary consumption of the traffic information block is avoided on the basis of the latest traffic information stored by the server.
8. The decentralized global current limiting method according to claim 1, wherein said current limiting method further comprises:
if the flow of the malicious client enters and the flow information block is repeatedly used, the business service instance can be detected in real time, if the flow is found to be malicious access, the access of the client is immediately returned to fail, and the access of the client to the business service is temporarily brought into a blacklist.
9. A decentralized global current limiting system, for applying the decentralized global current limiting method according to any one of the preceding claims 1 to 8, wherein the current limiting system comprises:
the system comprises a client module, a service module, a load balancing module, a time synchronization module and an authentication service module;
the client module is used for sending an access request to the business service, when the maximum current limiting times are not reached, the service is normally accessed, and when the maximum current limiting times are exceeded, the request returns an exception;
the service module is used for maintaining the current limiting information, updating the current limiting information in time according to the user access condition and ensuring the normal current limiting function of the service;
the load balancing module is used for polling the client access service to each service instance module so as to avoid the service from being centralized in one service instance access;
the time synchronization module is used for enabling the time of each business service instance to be consistent, and the consistent time is used for ensuring that the generation and destruction of the flow token of each business service instance are synchronous after the decentralization;
the authentication service module is used for determining that the access of each client is authenticated, and preventing illegal requests from reaching the service.
CN202210840309.6A 2022-07-18 2022-07-18 Decentralized global current limiting method and system Pending CN115208674A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210840309.6A CN115208674A (en) 2022-07-18 2022-07-18 Decentralized global current limiting method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210840309.6A CN115208674A (en) 2022-07-18 2022-07-18 Decentralized global current limiting method and system

Publications (1)

Publication Number Publication Date
CN115208674A true CN115208674A (en) 2022-10-18

Family

ID=83581270

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210840309.6A Pending CN115208674A (en) 2022-07-18 2022-07-18 Decentralized global current limiting method and system

Country Status (1)

Country Link
CN (1) CN115208674A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111865920A (en) * 2020-06-18 2020-10-30 多加网络科技(北京)有限公司 Gateway authentication and identity authentication platform and method thereof
CN112039909A (en) * 2020-09-03 2020-12-04 平安科技(深圳)有限公司 Authentication method, device, equipment and storage medium based on unified gateway
CN113468607A (en) * 2020-03-31 2021-10-01 国电南瑞科技股份有限公司 Generation and use method of encrypted tamper-resistant file
CN114650137A (en) * 2022-05-23 2022-06-21 山东省计算中心(国家超级计算济南中心) Decryption outsourcing method and system supporting strategy hiding based on block chain

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113468607A (en) * 2020-03-31 2021-10-01 国电南瑞科技股份有限公司 Generation and use method of encrypted tamper-resistant file
CN111865920A (en) * 2020-06-18 2020-10-30 多加网络科技(北京)有限公司 Gateway authentication and identity authentication platform and method thereof
CN112039909A (en) * 2020-09-03 2020-12-04 平安科技(深圳)有限公司 Authentication method, device, equipment and storage medium based on unified gateway
CN114650137A (en) * 2022-05-23 2022-06-21 山东省计算中心(国家超级计算济南中心) Decryption outsourcing method and system supporting strategy hiding based on block chain

Similar Documents

Publication Publication Date Title
JP4662706B2 (en) Secure recovery in serverless distributed file system
US9544297B2 (en) Method for secured data processing
CN112422532B (en) Service communication method, system and device and electronic equipment
US8024488B2 (en) Methods and apparatus to validate configuration of computerized devices
US7461250B1 (en) System and method for certificate exchange
CN111064569B (en) Cluster key obtaining method and device of trusted computing cluster
JP2019522412A (en) Registration / authorization method, apparatus and system
CN113421097B (en) Data processing method and device, computer equipment and storage medium
US20030037234A1 (en) Method and apparatus for centralizing a certificate revocation list in a certificate authority cluster
JP2009087035A (en) Encryption client device, encryption package distribution system, encryption container distribution system, encryption management server device, solftware module management device and software module management program
CN110730081B (en) Block chain network-based certificate revocation method, related equipment and medium
JPWO2018070242A1 (en) In-vehicle gateway, key management device
CN112187466B (en) Identity management method, device, equipment and storage medium
CN114338242B (en) Cross-domain single sign-on access method and system based on block chain technology
CN108512849B (en) Handshake method and system for accessing server
CN111245813B (en) Cryptographic resource pool system, encryption method, electronic device, and storage medium
CN111683090A (en) Block chain digital signature method and device based on distributed storage
Wei et al. BAVP: blockchain-based access verification protocol in LEO constellation using IBE keys
US20030115461A1 (en) System and method for the signing and authentication of configuration settings using electronic signatures
CN110719167B (en) Block chain-based signcryption method with timeliness
CN114218548B (en) Identity verification certificate generation method, authentication method, device, equipment and medium
CN116388998A (en) Audit processing method and device based on white list
CN111131160A (en) User, service and data authentication system
CN115208674A (en) Decentralized global current limiting method and system
CN112865981B (en) Token acquisition and verification method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination