CN100563160C - Client secure detection method and authority control system - Google Patents

Client secure detection method and authority control system Download PDF

Info

Publication number
CN100563160C
CN100563160C CNB2006101112283A CN200610111228A CN100563160C CN 100563160 C CN100563160 C CN 100563160C CN B2006101112283 A CNB2006101112283 A CN B2006101112283A CN 200610111228 A CN200610111228 A CN 200610111228A CN 100563160 C CN100563160 C CN 100563160C
Authority
CN
China
Prior art keywords
client
security evaluation
evaluation strategy
detection
control system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CNB2006101112283A
Other languages
Chinese (zh)
Other versions
CN1921389A (en
Inventor
雷公武
薛明
梁鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CNB2006101112283A priority Critical patent/CN100563160C/en
Publication of CN1921389A publication Critical patent/CN1921389A/en
Application granted granted Critical
Publication of CN100563160C publication Critical patent/CN100563160C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of client secure detection method, comprise: preestablish at least one security evaluation strategy, after the authority control system is received the logging request that client sends, select a predefined security evaluation strategy, extract all detection attributes of each detection type of this security evaluation strategy from client, if all properties of each detection type of extracting all detects attributes match with all of one of them detected object of predefined corresponding detection type, judge that client passes through safety detection; The present invention discloses a kind of authority control system, comprising: security evaluation strategy setting module and safety detection module.The invention enables client as long as but the safety detection of passing through any one security evaluation strategy with regard to the logon rights control system, has improved the success rate of client access authority control system.

Description

Client secure detection method and authority control system
Technical field
The present invention relates to technical field of communication safety and comprising, be specifically related to client secure detection method and authority control system.
Background technology
At present, control technology to user right mainly is divided into two classes: based on the control of authority of user role with based on the control of authority of subscriber equipment fail safe, the authorization of their correspondences is respectively: based on role's mandate (role-based) with based on the mandate (host-based) of client host fail safe, wherein:
Mandate based on the role: the user is divided into different groups or role, and each group or role can visit different resources, come subscriber authorisation according to the group under the user then, and this class authority mode is also referred to as static the mandate;
Mandate based on the client host fail safe: use the safe condition of equipment to give subscriber authorisation according to the user, this class authority mode is also referred to as dynamic authorization.
The prior art authority control system detects sequence and protection of resources strategy and realizes mandate based on the client host fail safe by login is set, detailed process is: when client is wanted the access rights control system, authority control system detects the fail safe of Sequence Detection client earlier according to predefined login, pass through if detect, then allow the client login, otherwise, the login of refusal client; After client logon rights control system, when visiting a certain concrete resource, authority control system also need detect the current safety detection condition that whether satisfies predefined this resource of visit of client, for example: authority control system preestablish client in fire compartment wall operation, the Google desktop does not move and the current browser that uses during as IE6.0 or later version, can visit the Web1 resource; Set client and during as IE6.0 or later version, can visit the Web2 resource at fire compartment wall operation and the current browser that uses.
Below be example with the FirePass equipment of F5 manufacturer, the safety detection process based on the logging on client in the mandate of client host fail safe is described, as shown in Figure 1, its concrete steps are as follows:
Step 101: authority control system receives the logging request that client is sent.
Step 102: authority control system detects sequence according to predefined login, judges whether the fire compartment wall of client is in running status, if, execution in step 103; Otherwise, the login of refusal client, this flow process finishes.
Step 103: authority control system detects sequence according to predefined login, judges whether the Google desktop of client is in running status, if, the login of refusal client; Otherwise, allow the client login.
Can learn by above analysis,, need finish mandate by two steps to client at present based on the authority control system of client host security authorization:
First step: detect sequence by predefined login, detect client and whether can login self.
Second step:, detect client and whether can visit self concrete resource by each concrete resource being provided with the protection strategy.
The shortcoming of prior art is:
One, to detect sequence too harsh to the detection of client login in login, and only when satisfying all login testing conditions, client just can the logon rights control system, and this has reduced the success rate of client logon rights control system.For example: in actual applications, if client will visit when certain login is the lower resource of security requirement, only needs this moment to satisfy and partly login testing conditions and get final product, prior art is not then considered the personalized demand for security of client-access.
Two, login detects sequence and to the protection strategy separate configuration of resource, makes both may have inconsistency, thereby cause the failure of client-access resource.For example: login detects and does not comprise the fire compartment wall detection in the sequence; it is then to require in the protection strategy that is provided with of a certain resource: the fire compartment wall operation; this moment, authority control system was searched the information of whether moving less than fire compartment wall in the login testing result; therefore; even fire compartment wall moves, authority control system also can be refused this resource of client-access.
Three, need the fail safe of twice detection client host, that is: when login, need carry out once safety and detect, when visiting concrete resource, also need once to protect the strategy detection, reduced the operating efficiency of authority control system.
Four, login detection sequence is longer, and the keeper is difficult to be safeguarded.
Five, the variation of customer in response end Host Security and the new demand of authority control system in time may cause grant error.Prior art only detects the fail safe of a client when client is logined; when client long-time when online; the state of a certain the safe sequence of login of client change may take place for example: fire compartment wall transfers not running status to by operation; perhaps; authority control system has been changed the protection strategy to a certain resource; at this moment, authority control system still according to original login testing result or protection of resources strategy to client authorization, can cause grant error.
Summary of the invention
The invention provides client secure detection method and authority control system, to improve the success rate of client logon rights control system.
Technical scheme of the present invention is achieved in that
A kind of client secure detection method, authority control system preestablishes the security evaluation strategy, comprising:
A, authority control system are received the logging request that client is sent, and select a predefined security evaluation strategy, select a detection type in this security evaluation strategy;
B, authority control system extract this detection type from client all detect attributes, judge that all that extract detect attributes and whether detect attributes match with all of one of them detected object of predefined this detection type, if, execution in step C; Otherwise, execution in step D;
C, authority control system judge whether this security evaluation strategy also exists the detection type that does not detect, if, select a detection type that does not detect, go to step B; Otherwise, judge client by safety detection, this flow process finishes;
D, authority control system judge whether that all security evaluation strategies are all tested, if the judgement client is not passed through safety detection; Otherwise, select next security evaluation strategy, go to steps A and carry out the action of in this security evaluation strategy, selecting a detection type.
Authority control system preestablishes the accessible resource tabulation of each security evaluation strategy correspondence,
The described authority control system of step C judges that client further comprises by after the safety detection: authority control system obtains the accessible resource tabulation of predefined current safety assessment strategy correspondence, in this accessible resource tabulation, search the addressable resource of groups of users under this client, with the resource that finds as client in self final addressable resource.
This method further comprises: authority control system preestablishes a safety detection time interval,
The described authority control system of step C judges that client further comprises by after the safety detection: authority control system goes to the action that steps A is carried out a security evaluation strategy of described selection every the described predetermined safety detection time interval.
The described authority control system of step C judges that client further comprises by after the safety detection: authority control system detects the security evaluation strategy and changes, and goes to the action that steps A is carried out a security evaluation strategy of described selection.
Described detection type is a kind of or combination in any in operating system detection type, browser detection type, fire compartment wall detection type, antivirus software detection type, certificate detection type, the file detection type.
Described method further comprises: authority control system is set a safe class for each security evaluation strategy in advance;
The described authority control system of steps A selects a security evaluation strategy to be: select the security evaluation strategy that safe class is the highest;
The described authority control system of step D selects next security evaluation strategy to be: the security evaluation strategy of selecting next safe class.
A kind of authority control system comprises: security evaluation strategy setting module and safety detection module, wherein:
Security evaluation strategy setting module is used to client to set the security evaluation strategy, according to the request of safety detection module, the security evaluation strategy is sent to safety detection module;
Safety detection module, be used for after receiving the logging request that client is sent, to security evaluation strategy setting module request security evaluation strategy, the detection type of the security evaluation strategy of sending for security evaluation strategy setting module, all of this detection type that judgement is extracted from client detect attributes and whether detect attributes match with all of one of them detected object of predefined this detection type, if coupling judges that then client passes through the safety detection of this detection type; If do not match, judge that then client not by the safety detection of this security evaluation strategy, continues to security evaluation strategy setting module request security evaluation strategy; During the safety detection of all detection type of sending by security evaluation strategy setting module when client, judge that client passes through safety detection.
Described security evaluation strategy setting module is further used for, for each security evaluation strategy is set the accessible resource tabulation;
Described system further comprises: groups of users accessible resource logging modle, be used to write down the affiliated addressable the Resources list of groups of users of client, and, the addressable the Resources list of the groups of users under the client is sent to safety detection module according to the request of safety detection module;
Described safety detection module is further used for, when client is passed through safety detection, accessible resource tabulation to security evaluation strategy setting module request current safety assessment strategy correspondence, while addressable the Resources list of groups of users under this client of groups of users accessible resource logging modle request, in the tabulation of the accessible resource of this security evaluation strategy correspondence, search the addressable resource of groups of users under this client, with the resource that finds as client in self final addressable resource.
Described security evaluation strategy setting module is further used for, and the security evaluation strategy that detects self is changed, and sends the change indication to safety detection module;
Described safety detection module is further used for, indicate according to the change that security evaluation strategy setting module is sent, again obtain the security evaluation strategy to security evaluation strategy setting module, the detection type of the security evaluation strategy of sending for security evaluation strategy setting module, all of this detection type that judgement is extracted from client detect attributes and whether detect attributes match with all of one of them detected object of predefined this detection type, if coupling judges that then client passes through the safety detection of this detection type; If do not match, judge that then client not by the safety detection of this security evaluation strategy, continues to security evaluation strategy setting module request security evaluation strategy; During the safety detection of all detection type of sending by security evaluation strategy setting module when client, judge that client passes through safety detection.
Compared with prior art, the present invention preestablishes at least one security evaluation strategy by authority control system, after the authority control system is received the logging request that client sends, in predefined security evaluation strategy, select a security evaluation strategy, extract all detection attributes of each detection type of this security evaluation strategy from client, if all of each detection type of extracting from client detect attributes and all detect attributes match with all of one of them detected object of predefined corresponding detection type, the judgement client is passed through safety detection, but make client as long as pass through just logon rights control system of any one security evaluation strategy, improved the success rate of client logon rights control system; Simultaneously, the present invention is by setting different accessible resource tabulations for each security evaluation strategy, the different security evaluation strategy that makes client to pass through according to self is visited different resources, make that the protection strategy of resource access is consistent with the security strategy of client login, improved the success rate of client-access resource; The present invention simultaneously need not to carry out once safety again and detects when the client-access resource, improved the operating efficiency of authority control system; And the present invention can carry out combination in any and form different security evaluation strategies each detection type according to the physical security demand, is convenient to keeper's maintenance; In addition, the present invention is by regularly carrying out safety detection to client, or when change takes place for the detection attribute of client or security evaluation strategy, client is carried out safety detection again, make and the authority control system variation of customer in response end Host Security in time and the new demand of authority control system have improved the mandate reliability.
Description of drawings
Fig. 1 is existing safety detection flow chart based on the login of the client in the mandate of client host fail safe;
Fig. 2 carries out the flow chart of safety detection for what the embodiment of the invention provided to client;
The composition schematic diagram of the security evaluation strategy that Fig. 3 provides for the embodiment of the invention;
Fig. 4 carries out the composition schematic diagram of the authority control system of safety detection for what the embodiment of the invention provided to client.
Embodiment
The present invention is further described in more detail below in conjunction with drawings and the specific embodiments.
Fig. 2 be the embodiment of the invention provide client is carried out the flow chart of safety detection, as shown in Figure 2, its concrete steps are as follows:
Step 201: authority control system preestablishes at least one security evaluation strategy, as shown in Figure 3, each security evaluation strategy comprises a detection type at least, each detection type comprises a detected object at least, each detected object correspondence detection attribute separately, for each security evaluation strategy is set a safe class, for each security evaluation strategy is set an accessible resource tabulation.
Detection type refers to the destination object that client is carried out safety detection, as shown in Figure 3, can comprise: operating system detection type, browser detection type, fire compartment wall detection type, antivirus software detection type, certificate detection type, file detection type etc.Each detection type has detection attribute separately, as shown in Figure 3, the operating system detection type can comprise the detection attribute: OS Type, operating system version, operating system patch etc., the browser detection type can comprise the detection attribute: browser version, browser patch etc.
Detected object refers to an example of detection type, is the instantiation to the various detection attributes of detection type.As shown in Figure 3, the operating system detected object can be safe-win98 or safe-win2000, and wherein, the detection attribute of safe-win98 correspondence is: OS Type is Windows, and operating system version is 98, and operating system installation the KB0111 patch; The detection attribute of safe-win2000 correspondence is: OS Type is Windows, and operating system version is 2000, and operating system installation the KB0111 patch.The browser detected object can be: safe-ie6 or safe-netscape7, and wherein, the detection attribute of safe-ie6 correspondence is: browser version is IE6.098, and browser has been installed the KB01432 patch; The detection attribute of safe-netscape7 correspondence is: browser version is NETSCAPE7.0, and browser has been installed the KB0133 patch.
How much relevant the safe class of security evaluation strategy is with addressable resource under this security evaluation strategy, for example: can set more accessible resource for the high security evaluation strategy of safe class.
Step 202: authority control system is received the logging request that client is sent, and according to predefined safe class, selects the highest security evaluation strategy of safe class in predefined security evaluation strategy.
Step 203: authority control system is selected a detection type in this security evaluation strategy.
Step 204: the detection attribute of the detected object of this detection type of authority control system reading pre-set and detected object.
Step 205: authority control system is from the detection type corresponding detection attribute of client extraction with this security evaluation strategy of selecting.
For example: if detection type is operating system, then the authority control system type, version, patch etc. of extracting operating system from client detect attribute information.
Step 206: authority control system judge the detection type extracted from client all detect attributes and whether detect attributes match with all of one of them detected object of predefined this detection type, if, execution in step 207; Otherwise, execution in step 212.
When comprising more than one detected object in certain detection type of the predefined security evaluation strategy of authority control system, as long as all of this detection type of extracting from client detect all of one of them detected object of attributes and predefined this detection type of authority control system and detect attributes match, determine that then this client passes through the safety detection of this detection type.
Step 207: authority control system is judged the safety detection of client by this detection type, judges whether this security evaluation strategy also exists the detection type that does not detect, if, execution in step 208; Otherwise, execution in step 209.
Step 208: authority control system is selected a detection type that does not detect in the current safety assessment strategy, go to step 204.
Step 209: authority control system is from the accessible resource tabulation of this security evaluation strategy correspondence of self reading pre-set.
Step 210: the accessible resource tabulation of the groups of users of authority control system under this client of self reading pre-set.
Step 211: authority control system is in the accessible resource tabulation of this security evaluation strategy correspondence, search the affiliated addressable resource of groups of users of this client, as client final addressable resource on this authority control system, this flow process finishes with the resource that finds.
When client was wanted a certain the resource of access rights control system, authority control system judged at first whether this resource is included in client within self final addressable resource, if allow this resource of client-access; Otherwise, this resource of refusal client-access.
Step 212: authority control system judgement client is passed through the safety detection of this detection type, thereby judges that client by the safety detection of this security evaluation strategy, judges whether that all security evaluation strategies are all tested, if, execution in step 213; Otherwise, execution in step 214.
Step 213: authority control system is judged client not by safety detection, the login self of refusal client, and this flow process finishes.
Step 214: authority control system is selected the security evaluation strategy of next safe class, goes to step 203.
Because, during client is online, the Host Security of client change may take place for example: certain of client detects attribute and changes, simultaneously, certain security evaluation strategy of authority control system also may be changed, and the present invention makes authority control system can in time respond the change of Host Security or security evaluation strategy by following dual mode:
Mode one, when client is online, authority control system carries out once safety every the predetermined safety detection time interval to client and detects.
Mode two, when client is online, strategy is changed as long as authority control system detects security evaluation, just client is carried out safety detection again.
Fig. 4 be the embodiment of the invention provide client is carried out the composition schematic diagram of the authority control system of safety detection, as shown in Figure 4, it mainly comprises: security evaluation strategy setting module 41, groups of users accessible resource logging modle 42 and safety detection module 43, wherein:
Security evaluation strategy setting module 41: be used to client to set at least one security evaluation strategy, each security evaluation strategy comprises a detection type at least, each detection type comprises a detected object at least, for each detected object is set the detection attribute, and be that each security evaluation strategy is set a safe class and an accessible resource tabulation; When receive that safety detection module 43 sends obtain the security evaluation strategy request after, according to the height of safe class, select one not send to security evaluation strategy safety detection module 43, that safe class is the highest and send to safety detection module 43; When receive that safety detection module 43 sends obtain the accessible resource request after, the accessible resource tabulation that is sent to the security evaluation strategy correspondence of safety detection module 43 the last time sends to safety detection module 43.
Further, security evaluation strategy setting module 41 is used for, and the security evaluation strategy that detects self is changed, and sends security evaluation strategy change indication to safety detection module 43.
Groups of users accessible resource logging modle 42: the corresponding relation that is used to preserve client identification and groups of users sign, and the accessible resource tabulation of writing down each groups of users, when receive that safety detection module 43 sends carry client identification obtain the accessible resource request after, according to this client identification, the accessible resource tabulation of the groups of users of correspondence is sent to safety detection module 43.
Safety detection module 43: be used for after receiving the logging request that client is sent, send the request of obtaining the security evaluation strategy to security evaluation strategy setting module 41, judge in all detected objects of each detection type that security evaluation strategy setting module 41 returns, whether all detection attributes of a detected object and all detection attributes match of the corresponding detection type of extracting from client are arranged respectively, if coupling, judge that then client passes through safety detection, send the accessible resource request of obtaining to security evaluation strategy setting module 41, send the accessible resource request of obtaining of carrying client identification to groups of users accessible resource logging modle 42 simultaneously, in the accessible resource tabulation of this security evaluation strategy correspondence that security evaluation strategy setting module 41 returns, search the addressable resource of groups of users under this client that groups of users accessible resource logging modle 42 returns, with the resource that finds as client in self final addressable resource; If do not match, judge that then client not by the safety detection of current safety assessment strategy, continues to obtain to security strategy assessment setting module 41 the security evaluation strategy of next safe class.
Safety detection module 43 is further used for, after receiving the security evaluation strategy change indication that security evaluation strategy setting module 41 is sent, obtain the request of security evaluation strategy again again client is carried out safety detection to 41 transmissions of security evaluation strategy setting module.
The above only is process of the present invention and method embodiment, in order to restriction the present invention, all any modifications of being made within the spirit and principles in the present invention, is not equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (9)

1, a kind of client secure detection method is characterized in that, authority control system preestablishes the security evaluation strategy, comprising:
A, authority control system are received the logging request that client is sent, and select a predefined security evaluation strategy, select a detection type in this security evaluation strategy;
B, authority control system extract this detection type from client all detect attributes, judge that all that extract detect attributes and whether detect attributes match with all of one of them detected object of predefined this detection type, if, execution in step C; Otherwise, execution in step D;
C, authority control system judge whether this security evaluation strategy also exists the detection type that does not detect, if, select a detection type that does not detect, go to step B; Otherwise, judge client by safety detection, this flow process finishes;
D, authority control system judge whether that all security evaluation strategies are all tested, if the judgement client is not passed through safety detection; Otherwise, select next security evaluation strategy, go to steps A and carry out the action of in this security evaluation strategy, selecting a detection type.
2, client secure detection method as claimed in claim 1 is characterized in that, authority control system preestablishes the accessible resource tabulation of each security evaluation strategy correspondence,
The described authority control system of step C judges that client further comprises by after the safety detection: authority control system obtains the accessible resource tabulation of predefined current safety assessment strategy correspondence, in this accessible resource tabulation, search the addressable resource of groups of users under this client, with the resource that finds as client in self final addressable resource.
3, client secure detection method as claimed in claim 1 is characterized in that, this method further comprises: authority control system preestablishes a safety detection time interval,
The described authority control system of step C judges that client further comprises by after the safety detection: authority control system goes to the action that steps A is carried out a security evaluation strategy of described selection every the described predetermined safety detection time interval.
4, client secure detection method as claimed in claim 1, it is characterized in that, the described authority control system of step C judges that client further comprises by after the safety detection: authority control system detects the security evaluation strategy and changes, and goes to the action that steps A is carried out a security evaluation strategy of described selection.
5, client secure detection method as claimed in claim 1, it is characterized in that described detection type is a kind of or combination in any in operating system detection type, browser detection type, fire compartment wall detection type, antivirus software detection type, certificate detection type, the file detection type.
6, client secure detection method as claimed in claim 1 or 2 is characterized in that, described method further comprises: authority control system is set a safe class for each security evaluation strategy in advance;
The described authority control system of steps A selects a security evaluation strategy to be: select the security evaluation strategy that safe class is the highest;
The described authority control system of step D selects next security evaluation strategy to be: the security evaluation strategy of selecting next safe class.
7, a kind of authority control system is characterized in that, comprising: security evaluation strategy setting module and safety detection module, wherein:
Security evaluation strategy setting module is used to client to set the security evaluation strategy, according to the request of safety detection module, the security evaluation strategy is sent to safety detection module;
Safety detection module, be used for after receiving the logging request that client is sent, to security evaluation strategy setting module request security evaluation strategy, the detection type of the security evaluation strategy of sending for security evaluation strategy setting module, all of this detection type that judgement is extracted from client detect attributes and whether detect attributes match with all of one of them detected object of predefined this detection type, if coupling judges that then client passes through the safety detection of this detection type; If do not match, judge that then client not by the safety detection of this security evaluation strategy, continues to security evaluation strategy setting module request security evaluation strategy; During the safety detection of all detection type of sending by security evaluation strategy setting module when client, judge that client passes through safety detection.
8, authority control system as claimed in claim 7 is characterized in that, described security evaluation strategy setting module is further used for, for each security evaluation strategy is set the accessible resource tabulation;
Described system further comprises: groups of users accessible resource logging modle, be used to write down the affiliated addressable the Resources list of groups of users of appearance family end, and, the addressable the Resources list of the groups of users under the client is sent to safety detection module according to the request of safety detection module;
Described safety detection module is further used for, when client is passed through safety detection, accessible resource tabulation to security evaluation strategy setting module request current safety assessment strategy correspondence, while addressable the Resources list of groups of users under this client of groups of users accessible resource logging modle request, in the tabulation of the accessible resource of this security evaluation strategy correspondence, search the addressable resource of groups of users under this client, with the resource that finds as client in self final addressable resource.
9, authority control system as claimed in claim 7 is characterized in that, described security evaluation strategy setting module is further used for, and the security evaluation strategy that detects self is changed, and sends the change indication to safety detection module;
Described safety detection module is further used for, indicate according to the change that security evaluation strategy setting module is sent, again obtain the security evaluation strategy to security evaluation strategy setting module, the detection type of the security evaluation strategy of sending for security evaluation strategy setting module, all of this detection type that judgement is extracted from client detect attributes and whether detect attributes match with all of one of them detected object of predefined this detection type, if coupling judges that then client passes through the safety detection of this detection type; If do not match, judge that then client not by the safety detection of this security evaluation strategy, continues to security evaluation strategy setting module request security evaluation strategy; During the safety detection of all detection type of sending by security evaluation strategy setting module when client, judge that client passes through safety detection.
CNB2006101112283A 2006-08-15 2006-08-15 Client secure detection method and authority control system Active CN100563160C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006101112283A CN100563160C (en) 2006-08-15 2006-08-15 Client secure detection method and authority control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006101112283A CN100563160C (en) 2006-08-15 2006-08-15 Client secure detection method and authority control system

Publications (2)

Publication Number Publication Date
CN1921389A CN1921389A (en) 2007-02-28
CN100563160C true CN100563160C (en) 2009-11-25

Family

ID=37778974

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006101112283A Active CN100563160C (en) 2006-08-15 2006-08-15 Client secure detection method and authority control system

Country Status (1)

Country Link
CN (1) CN100563160C (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101616034B (en) * 2008-06-25 2012-06-20 华为技术有限公司 Method and system for monitoring and updating terminal security status
CN102457476B (en) * 2010-10-15 2015-04-01 中兴通讯股份有限公司 Security defend method and system for peer-to-peer network
EP2820584B1 (en) * 2012-03-02 2019-04-10 Signify Holding B.V. System and method for access decision evaluation for building automation and control systems
CN104077532B (en) * 2014-06-20 2017-08-25 中标软件有限公司 A kind of Linux virtual platforms safety detection method and system
CN104135386A (en) * 2014-08-11 2014-11-05 联想(北京)有限公司 Method for expanding resources and method for controlling resources
CN107864677B (en) * 2015-07-22 2022-05-27 爱维士软件有限责任公司 Content access authentication system and method
WO2020115782A1 (en) * 2018-12-03 2020-06-11 三菱電機株式会社 Information processing device, information processing method, and information processing program
CN112087459B (en) * 2020-09-11 2023-02-21 杭州安恒信息技术股份有限公司 Access request detection method, device, equipment and readable storage medium
CN115085958B (en) * 2021-03-12 2023-09-08 华为技术有限公司 Access control method and related device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
一种网络安全检测系统的设计与实现. 喻宏传.铁路计算机应用,第12卷第9期. 2003
一种网络安全检测系统的设计与实现. 喻宏传.铁路计算机应用,第12卷第9期. 2003 *

Also Published As

Publication number Publication date
CN1921389A (en) 2007-02-28

Similar Documents

Publication Publication Date Title
CN100563160C (en) Client secure detection method and authority control system
US8832796B2 (en) Wireless communication terminal, method for protecting data in wireless communication terminal, program for having wireless communication terminal protect data, and recording medium storing the program
CN108833365B (en) Traffic-based service logic vulnerability detection method and system
JP5956570B2 (en) Network access control system and method
CN100481101C (en) Method for computer safety start
CN104484617A (en) Database access control method on basis of multi-strategy integration
CN113779585A (en) Unauthorized vulnerability detection method and device
CN103051627A (en) Rebound trojan horse detection method
CN104009885A (en) Virtual machine simultaneous-locating detection method based on hidden channel under cloud environment
CN113132311A (en) Abnormal access detection method, device and equipment
CN105550628A (en) Fingerprint inputting and recording method and apparatus
US7540019B2 (en) Processing device capable of implementing flexible access control
CN105488390B (en) A kind of apocrypha under Linux finds method and system
JP6258189B2 (en) Specific apparatus, specific method, and specific program
KR101541158B1 (en) Homepage modulation detection apparatus and method
CN105812270A (en) Information processing method and wireless routing device
CN104899483A (en) Boot permission verification method based on intelligent terminal and system of boot permission verification method
CN106778276B (en) Method and system for detecting malicious codes of entity-free files
CN108512806A (en) A kind of operation behavior analysis method and server based on virtual environment
CN111611580B (en) Method and system for detecting whether program runs in environment of Jinshan safe sandbox system
CN102984229A (en) Method and system for assembling confidence machine
CN113409497A (en) Unlocking method, device, equipment and storage medium based on wireless network
CN110427747B (en) Identity authentication method and device supporting service security mark
KR101022514B1 (en) Method and system for remotely booting computer
CN105282091A (en) Security application server detection method and system thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.

CP03 Change of name, title or address
TR01 Transfer of patent right

Effective date of registration: 20180925

Address after: 230088 the 541 phase of H2 two, two innovation industrial park, No. 2800, innovation Avenue, Hi-tech Zone, Hefei, Anhui.

Patentee after: Xinhua three information Safe Technology Ltd

Address before: No. 466 Changhe Road, Binjiang District

Patentee before: Xinhua three Technology Co., Ltd.

TR01 Transfer of patent right