CN101867588A - Access control system based on 802.1x - Google Patents
- Publication number
- CN101867588A
- Authority
- CN
- China
- Prior art keywords
- authentication
- module
- client
- user
- usbkey
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Small-Scale Networks (AREA)
Abstract
The invention relates to an 802.1x-based access control system comprising a client system, an authentication server and an authenticator system. The client system comprises an 802.1x authentication module, a network access device monitoring module and a USB KEY monitoring module. The 802.1x authentication module is responsible for interacting with the authenticator system and the authentication server, sending and receiving authentication information, and completing user authentication and access control. The network access device monitoring module is responsible for monitoring state changes of the client's network access device and notifying the 802.1x authentication module. The USB KEY monitoring module is responsible for obtaining USB KEY state change information and the authentication information in the USB KEY, and notifying the 802.1x authentication module. On the basis of the original 802.1x access control system, the invention provides an access control system with higher security, finer control granularity and better flexibility.
Description
Technical field
The present invention relates to the field of network information security. It is aimed primarily at LAN data security applications and is used to strengthen client access control for LAN security.
Background technology
With the development of network and information technology, domestic government offices, classified departments, scientific research institutions, financial institutions, and enterprises and public institutions now operate internal networks of considerable scale. While these networks greatly improve productivity, they also carry significant security risks and pose a serious threat to data security. Data security concerns not only personal privacy but also the trade secrets and survival of enterprises, and even national security. Because large amounts of business and technical data are stored on intranet computers, an incident in which data is leaked or destroyed causes losses to the enterprise or the country that are difficult to recover.
In addition, according to surveys by the FBI and the China National Information Security Testing, Evaluation and Certification Center, more than 80% of security threats come from the inside, and the losses that businesses and government bodies suffer from theft of important data far exceed those caused by virus infections and hacker attacks. The surveys also show that information security problems stem mainly from internal leaks rather than from viruses and external hackers. Compared with the Internet, the intranet has weaker security measures and faster access speeds, so security problems arise more easily there; solving the LAN data security problem is therefore of great practical significance.
At present, an important security threat to intranet data is the lack of effective access control for the intranet: as long as a user can connect to a LAN switch, the user can join the intranet and access the devices and resources on it. The main access control technologies at present include PPPoE, Web+VLAN and 802.1x.
1. PPPoE (Point-to-Point Protocol over Ethernet)
PPPoE is an early access authentication technology that is still very widely used in broadband access services. PPPoE combines PPP encapsulation with Ethernet frames to initiate a point-to-point connection request, which passes through an Ethernet switch or DSL device to the access gateway. The access gateway and the RADIUS authentication server jointly complete the user's access authentication. The shortcomings of PPPoE are: the connection between the accessing user and the access device is point-to-point, which makes multicast difficult to implement; the access authentication stage generates a large number of broadcast packets, which can significantly affect network performance; and efficiency is low, so it is not suitable for access control within a LAN. For a detailed introduction to PPPoE, see "A Method for Transmitting PPP Over Ethernet (PPPoE)" (L. Mamakos, K. Lidl, J. Evarts, D. Carrel, D. Simone, RFC 2516, February 1999).
2. WEB+DHCP
WEB+DHCP is a more popular access authentication technology in which the user is authenticated by entering a username and password in a web page. When the user connects, a DHCP server first assigns an address for authentication, and the local-end equipment forces that IP address to the URL of a login page; after the user enters a username and password, the WEB authentication server completes the user's access authentication. WEB+DHCP authentication needs no special client software, but because WEB authentication is carried over an application-layer protocol, it places high demands on network equipment, networking costs are high, user connectivity is poor, and it is difficult to detect whether a user has gone offline.
3. 802.1x
802.1x is a port-based access control scheme, mainly used to solve the identity authentication problem when users access a LAN.
The 802.1x architecture consists of three parts: the client system (supplicant), the authenticator system, and the authentication server, as shown in Fig. 1.
(1) Client system (supplicant): the supplicant is normally a user terminal device that supports 802.1x authentication; the user initiates 802.1x authentication by starting the client software.
(2) Authenticator system: the authenticator system authenticates the supplicant connected to the other end of the link. It is generally a network device that supports the 802.1x protocol and provides a service port for the supplicant. The authenticator's port is logically divided into a "controlled port" and an "uncontrolled port". The uncontrolled port is always in a bidirectionally connected state and carries the EAP packets required for 802.1x authentication, ensuring that the client system can always send authentication messages to, and receive them from, the authenticator system. The controlled port is opened only after the client passes authentication; after successful authentication, the supplicant can access network resources and obtain services through the controlled port. Otherwise the controlled port remains in the unauthenticated state and the user cannot access the services provided by the authenticator system.
(3) Authentication server: the authentication server is the entity that provides authentication service to the authenticator system; a RADIUS server is normally used to implement its authentication and authorization functions.
Taking the MD5-Challenge authentication of the 802.1x protocol as an example, the 802.1x authentication process is as follows:
(1) When the user accesses the network, the user starts the 802.1x client program to initiate a connection request. The client program sends an EAPOL-Start message to the authenticator system (the switch), beginning an authentication process.
(2) After the authenticator system receives the authentication request, it sends an EAP-Request/Identity message to the user's client, requiring the client program to send the username entered by the user.
(3) The client program responds to the authenticator system's request and sends the username to the authenticator system in an EAP-Response/Identity message. The authenticator system forwards the data message from the client to the authentication server for processing.
(4) After the authentication server receives the username forwarded by the authenticator system, it encrypts the user's password information with a randomly generated encryption word (the challenge), and also packs this encryption word into a data message and sends it to the authenticator system, which passes it to the client program.
(5) After the client program receives the encryption word forwarded by the authenticator system, it uses the encryption word to encrypt the password portion (for example, by computing a hash value) and returns the result in an EAP-Response message, which the authenticator system passes to the authentication server.
(6) After the authentication server receives the encrypted password information forwarded by the authenticator system, it compares it with the password information it encrypted itself. If they match, the user is considered legitimate, an EAP-Success message is returned, the authenticator system opens the port, and the user can access the network. Otherwise, an EAP-Failure message is returned and the switch port stays closed, allowing only authentication data through and not business data.
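The MD5-Challenge exchange in steps (2) to (6), as an added example that is not part of the patent: a supplicant and an authentication server exchange EAP packets in the RFC 3748 layout, with the authenticator reduced to a relay that reports the controlled-port state. The class and function names and the sample account are constructed for illustration; the value is computed as MD5(Identifier || password || challenge), the CHAP-style calculation that EAP MD5-Challenge uses.

```python
import hashlib
import hmac
import os
import struct

# EAP codes and method types (RFC 3748).
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
T_IDENTITY, T_MD5 = 1, 4


def eap_packet(code, ident, eap_type=None, data=b""):
    """Code(1) Identifier(1) Length(2), then Type(1) and data if present."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_eap(pkt):
    """Return (code, ident, type, data); reject inconsistent lengths."""
    if len(pkt) < 4:
        raise ValueError("short EAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 4 <= length <= len(pkt):
        raise ValueError("bad EAP length field")
    body = pkt[4:length]
    if code in (SUCCESS, FAILURE):
        return code, ident, None, b""
    if not body:
        raise ValueError("request/response without a type")
    return code, ident, body[0], body[1:]


def md5_value(ident, password, challenge):
    """CHAP-style value: MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


class Supplicant:
    def __init__(self, username, password):
        self.username, self.password = username, password

    def handle(self, pkt):
        code, ident, typ, data = parse_eap(pkt)
        if code != REQUEST:
            raise ValueError("supplicant only answers requests")
        if typ == T_IDENTITY:                       # step (3)
            return eap_packet(RESPONSE, ident, T_IDENTITY,
                              self.username.encode())
        if typ == T_MD5:                            # step (5)
            if not data or len(data) < 1 + data[0]:
                raise ValueError("truncated challenge")
            challenge = data[1:1 + data[0]]
            value = md5_value(ident, self.password, challenge)
            return eap_packet(RESPONSE, ident, T_MD5,
                              bytes([len(value)]) + value)
        raise ValueError("unsupported EAP type")


class AuthServer:
    def __init__(self, users):
        self.users = users      # username -> password bytes
        self.pending = {}       # identifier -> (username, challenge)

    def challenge_for(self, pkt):                   # step (4)
        code, ident, typ, data = parse_eap(pkt)
        if code != RESPONSE or typ != T_IDENTITY:
            raise ValueError("expected Response/Identity")
        challenge = os.urandom(16)
        next_id = (ident + 1) % 256
        self.pending[next_id] = (data.decode("utf-8", "replace"), challenge)
        return eap_packet(REQUEST, next_id, T_MD5, bytes([16]) + challenge)

    def verdict_for(self, pkt):                     # step (6)
        code, ident, typ, data = parse_eap(pkt)
        # pop() makes every challenge single-use
        username, challenge = self.pending.pop(ident, (None, b""))
        ok = False
        if (code == RESPONSE and typ == T_MD5 and username in self.users
                and len(data) >= 17 and data[0] == 16):
            expected = md5_value(ident, self.users[username], challenge)
            ok = hmac.compare_digest(expected, data[1:17])
        return eap_packet(SUCCESS if ok else FAILURE, ident)


def run_exchange(server, supplicant):
    """Relay packets as the authenticator does; return controlled-port state."""
    identity_req = eap_packet(REQUEST, 1, T_IDENTITY)   # step (2)
    identity_resp = supplicant.handle(identity_req)
    challenge_req = server.challenge_for(identity_resp)
    challenge_resp = supplicant.handle(challenge_req)
    code, _, _, _ = parse_eap(server.verdict_for(challenge_resp))
    return "authorized" if code == SUCCESS else "unauthorized"


# Constructed sample account for the demonstration.
USERS = {"alice": b"correct horse"}

if __name__ == "__main__":
    print(run_exchange(AuthServer(USERS), Supplicant("alice", b"correct horse")))
    print(run_exchange(AuthServer(USERS), Supplicant("alice", b"wrong")))
```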
The 802.1x protocol has alleviated the intranet user access control problem to some extent, but it has also exposed a series of problems in practical use, such as:
(1) The authentication information submitted by the client mainly consists of a username and password, a digital certificate, or similar. Authentication based on username and password lacks sufficient security; authentication based on digital certificates provides higher security but needs the support of complex infrastructure, is more cumbersome, and is difficult to apply widely.
(2) 802.1x has some security control problems in practical application, such as difficulty in implementing user-level access control, lack of control over user behavior after authentication, and difficulty in implementing fine-grained access control (for example, the MAC address duplication problem). For a detailed introduction to 802.1x, see "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines" (P. Congdon, B. Aboba, A. Smith, G. Zorn, J. Roese, RFC 3580, September 2003).
In response to these needs, the present invention builds on the 802.1x protocol and proposes an access control system scheme with greater security, finer control granularity and better flexibility, to help further solve the LAN user access control problem.
Summary of the invention
The purpose of the present invention is to provide, on the basis of the original 802.1x access control system, a user access control system with greater security, finer control granularity and better flexibility.
The present invention adopts the following scheme: an access control system based on 802.1x, characterized in that it comprises a client system, an authenticator system and an authentication server, the client system comprising: an 802.1x authentication module, responsible for interacting with the authenticator system and the authentication server, sending and receiving authentication information, and completing user authentication and access control; a network access device monitoring module, responsible for monitoring state changes of the client's network access device and notifying the 802.1x authentication module; a USBKEY monitoring module, responsible for obtaining USBKEY state change information and the authentication information in the USBKEY, and notifying the 802.1x authentication module; a packet filtering engine, which implements user-level fine-grained network access control through packet filtering; and a client integrity detection module, responsible for checking the integrity of each client module and ensuring that the user cannot perform 802.1x authentication with an unauthenticated or modified client.
On the basis of the original 802.1x access control system, the present invention integrates network access device monitoring, USBKEY monitoring and authentication, a packet filtering engine and integrity detection into one system. It is an effective means of access control and solves the security risks present in LANs.
Description of drawings
Fig. 1 is a schematic diagram of the architecture of the traditional 802.1x protocol.
Fig. 2 is a schematic diagram of the system structure of the present invention.
Embodiment
The present invention is further described below with reference to the drawings and embodiments.
As shown in Fig. 2, the invention provides an access control system based on 802.1x, characterized in that it comprises a client system, an authentication server and an authenticator system, the client system comprising: an 802.1x authentication module, responsible for interacting with the authenticator system and the authentication server, sending and receiving authentication information, and completing user authentication and access control; a network access device monitoring module, responsible for monitoring state changes of the client's network access device and notifying the 802.1x authentication module; a USBKEY monitoring module, responsible for obtaining USBKEY state change information and the authentication information in the USBKEY, and notifying the 802.1x authentication module; a packet filtering engine, which implements user-level fine-grained network access control through packet filtering; and a client integrity detection module, responsible for checking the integrity of each client module and ensuring that the user cannot perform 802.1x authentication with an unauthenticated or modified client. The authenticator system in this embodiment is the same as the authenticator system in a standard 802.1x access control system: generally a network device that supports the 802.1x protocol, usually an access switch. The authentication server is generally a RADIUS server.
To help those skilled in the art better understand the present invention, each module is described in detail below.
The 802.1x authentication module is described first. In addition to implementing the standard authentication flow specified by the 802.1x protocol, this module includes interfaces to the network access device monitoring module and the USBKEY monitoring module. Through the interface to the network access device monitoring module it obtains network card state change information and the network card's MAC address; through the interface to the USBKEY monitoring module it obtains USBKEY state change information and the authentication code stored in the USBKEY. The 802.1x authentication module combines the MAC address obtained through the interface with the authentication code stored in the USBKEY to form the combined authentication information sent to the authenticator system.
Next, the network access device monitoring module. This module obtains the network card's MAC address and monitors changes to it through the NDIS network driver interface provided by the Windows system. The MAC address it obtains is sent, as one item of user authentication information, to the improved 802.1x authentication module through the communication interface between the two modules. In addition, through a control policy set in advance, the module can forbid the user from modifying the MAC address, preventing a malicious user from exploiting a defect of the 802.1x authentication process by changing the MAC address to that of a legitimate user's client in order to bypass the 802.1x authentication mechanism and access the LAN.
Next, the USBKEY monitoring module. Its function is to obtain the authentication information stored in the USBKEY and to monitor changes in USBKEY state through the USBKEY driver. When the user performs access identity authentication, the USBKEY monitoring module accepts the get-authentication-information instruction from the 802.1x authentication module and returns the authentication information to the 802.1x authentication module through the communication interface between the two modules. The module also monitors USBKEY state changes and notifies the 802.1x authentication module of them through the same interface. When the user removes the USBKEY, the USBKEY monitoring module sends the state information that the USBKEY has been removed to the 802.1x authentication module, which sends a LOGOFF message to the authenticator system and resets the client's authentication state. When the user inserts the USBKEY, the USBKEY monitoring module sends a message that the USBKEY has been inserted to the 802.1x authentication module, which sends a START message to the authenticator and starts the network access authentication process.
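The insert and removal handling described above, as an added example that is not code from the patent: a supplicant-side state machine that emits EAPOL-Start and EAPOL-Logoff frames on USBKEY events and ignores duplicate or late notifications. The class, state and callback names, the REJECTED state and the sample MAC address are assumptions; the frame layout (PAE group address, EtherType 0x888E, packet types 1 and 2) is standard EAPOL.

```python
import struct
from enum import Enum

PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
ETHERTYPE_EAPOL = 0x888E
EAPOL_START, EAPOL_LOGOFF = 1, 2                # EAPOL packet types


def eapol_frame(src_mac, packet_type, body=b"", version=1):
    """Ethernet header followed by EAPOL version, type and body length."""
    if len(src_mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    header = struct.pack("!HBBH", ETHERTYPE_EAPOL, version,
                         packet_type, len(body))
    return PAE_GROUP_ADDR + src_mac + header + body


class State(Enum):
    NO_KEY = "no_key"                  # USBKEY absent, port unauthenticated
    AUTHENTICATING = "authenticating"  # Start sent, waiting for the verdict
    AUTHENTICATED = "authenticated"    # EAP-Success received
    REJECTED = "rejected"              # key present, EAP-Failure received


class KeyDrivenSupplicant:
    """Reacts to notifications from a (hypothetical) USBKEY monitor."""

    def __init__(self, mac):
        self.mac = mac
        self.state = State.NO_KEY
        self.auth_code = None   # authentication code read from the USBKEY
        self.sent = []          # frames handed to the network card

    def on_key_inserted(self, auth_code):
        if self.state is not State.NO_KEY:
            return              # duplicate insert notification
        self.auth_code = auth_code
        self.state = State.AUTHENTICATING
        self.sent.append(eapol_frame(self.mac, EAPOL_START))

    def on_key_removed(self):
        if self.state is State.NO_KEY:
            return              # nothing to tear down
        # Drop the cached code first so it cannot outlive the key.
        self.auth_code = None
        self.state = State.NO_KEY
        self.sent.append(eapol_frame(self.mac, EAPOL_LOGOFF))

    def on_auth_result(self, success):
        if self.state is not State.AUTHENTICATING:
            return              # late verdict, e.g. key pulled mid-exchange
        self.state = State.AUTHENTICATED if success else State.REJECTED


if __name__ == "__main__":
    s = KeyDrivenSupplicant(bytes.fromhex("020000000001"))  # constructed MAC
    s.on_key_inserted(b"CODE")
    s.on_auth_result(True)
    s.on_key_removed()
    print([frame.hex() for frame in s.sent], s.state)
```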
Next, the client packet filtering engine. 802.1x is a port-based authentication protocol; that is, its operating granularity is the port, which is logically divided into a "controlled port" and an "uncontrolled port". The uncontrolled port is always in a bidirectionally connected state and carries the EAP packets required for 802.1x authentication, ensuring that the client can always send authentication messages to, and receive them from, the authenticator. The controlled port is opened only after the client passes authentication; after successful authentication, the supplicant can access network resources and obtain services through the controlled port. Although this approach effectively controls the client's access to the LAN, it lacks user-level control granularity, cannot distinguish different users who log in and access the network from the same client, and lacks sufficient flexibility in most application scenarios. The authentication scheme described in this invention therefore introduces the concept of a client packet filtering engine (PFE: Packet Filtering Engine). After the client system passes authentication, the authentication server extracts from the user control policy database the authentication policy bound to that authenticated user, encapsulates it in a datagram, and returns it through the authenticator system to the 802.1x authentication module. The 802.1x authentication module sends the network access control policy portion of the authentication policy to the PFE through the communication interface between the 802.1x authentication module and the PFE. The PFE sets packet filtering rules according to the network access control policy it receives and filters the packets sent and received by the specific user on the client according to those rules. The introduction of the PFE and this packet filtering policy achieves user-level access control and can provide fine-grained network access control for different services, meeting practical needs.
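The PFE behaviour described above, as an added example that is not the patent's implementation: per-user rule lists installed from the policy the server returns, evaluated first-match with default deny, so two users on the same client get different verdicts for the same destination. The policy dictionary format, rule fields and sample policies are assumptions, since the patent does not define them, and the caller is assumed to know which local user owns each packet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    direction: str                     # "in", "out" or "any"
    proto: str                         # "tcp", "udp" or "any"
    network: ipaddress.IPv4Network     # remote network the rule covers
    ports: Optional[Tuple[int, int]]   # inclusive range, None = any port

    def matches(self, direction, proto, remote_ip, remote_port):
        return (self.direction in ("any", direction)
                and self.proto in ("any", proto)
                and remote_ip in self.network
                and (self.ports is None
                     or self.ports[0] <= remote_port <= self.ports[1]))


def parse_rule(entry):
    """Validate one policy entry (hypothetical format) and build a Rule."""
    action = entry["action"]
    direction = entry.get("direction", "any")
    proto = entry.get("proto", "any")
    if (action not in ("allow", "deny")
            or direction not in ("in", "out", "any")
            or proto not in ("tcp", "udp", "any")):
        raise ValueError("invalid rule: %r" % (entry,))
    ports = entry.get("ports")
    if ports is not None:
        low, high = ports
        if not 0 <= low <= high <= 65535:
            raise ValueError("invalid port range: %r" % (ports,))
        ports = (low, high)
    return Rule(action, direction, proto,
                ipaddress.ip_network(entry["remote"]), ports)


class PacketFilterEngine:
    def __init__(self):
        self._rules = {}   # username -> ordered list of Rule

    def install_policy(self, user, policy):
        # Parse everything first: a bad entry leaves the old rules in place.
        parsed = [parse_rule(entry) for entry in policy]
        self._rules[user] = parsed

    def clear_user(self, user):
        """Called on logoff so a stale policy cannot outlive the session."""
        self._rules.pop(user, None)

    def verdict(self, user, direction, proto, remote_ip, remote_port):
        ip = ipaddress.ip_address(remote_ip)
        for rule in self._rules.get(user, ()):
            if rule.matches(direction, proto, ip, remote_port):
                return rule.action
        return "deny"      # no policy or no matching rule


# Constructed sample policies for two users of the same client.
ALICE_POLICY = [
    {"action": "deny", "proto": "tcp", "remote": "10.0.5.9/32",
     "ports": (22, 22)},
    {"action": "allow", "direction": "out", "proto": "tcp",
     "remote": "10.0.5.0/24", "ports": (443, 443)},
]
BOB_POLICY = [
    {"action": "allow", "direction": "out", "proto": "tcp",
     "remote": "10.0.9.0/24", "ports": (80, 80)},
]

if __name__ == "__main__":
    pfe = PacketFilterEngine()
    pfe.install_policy("alice", ALICE_POLICY)
    pfe.install_policy("bob", BOB_POLICY)
    for user in ("alice", "bob"):
        print(user, pfe.verdict(user, "out", "tcp", "10.0.5.20", 443))
```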
Finally, the client integrity detection module. Its function is to guarantee the integrity of the client 802.1x authentication module, the client network access device monitoring module, the client USBKEY monitoring module and the client packet filtering engine, ensuring that the modules used in the access control process have not been modified or deleted, and thereby preventing the user from bypassing the standard authentication process defined by this scheme by substituting a third-party authentication module for an original functional module or by cracking an original functional module. This module is important to the effective execution of the access authentication scheme described in this invention. The detection process of the client integrity detection module is as follows:
(1) The user uses the 802.1x authentication module to initiate a connection request, that is, to send an EAPOL-Start message to the authenticator system;
(2) After the authenticator system receives the authentication request, it sends an EAP-Request/Identity message to the client system, requiring the 802.1x authentication module to send the username entered by the user;
(3) The 802.1x authentication module responds to the authenticator system's request and sends the username to the authenticator system in an EAP-Response/Identity message;
(4) After the authentication server receives the username forwarded by the authenticator system, it determines, from the username, the USBKEY authentication information bound to that user;
(5) The authenticator system sends an EAP-Request/Notification message to the client, requiring the client to send the integrity detection information produced by the client integrity detection module;
(6) The 802.1x authentication module responds to the authenticator system's request: it first uses the MD5 algorithm to compute the hash values of the executable files of the 802.1x authentication module, the network access device monitoring module, the USBKEY monitoring module and the packet filtering engine, then sums the hash values of the modules, then encrypts the result of the hash computation using the unique ID stored in the USBKEY as the key to generate the integrity detection information, and encapsulates the integrity detection information in an EAP-Response/Notification message, which the authenticator system forwards to the authentication server;
(7) After the authentication server receives the integrity detection message, it uses the username sent by the client system to look up, in the authentication server database, the ID of the USBKEY bound to the user, decrypts using the USBKEY ID as the key, and compares the integrity detection information with the hash value of the original modules stored on the authentication server. If they are the same, the modules have not been changed, integrity detection passes, and subsequent operations continue; otherwise the modules have been illegally changed and the authentication server terminates its interaction with the client.
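Steps (6) and (7) as an added example, not code from the patent: the client sums the MD5 digests of its modules and encrypts the sum under the USBKEY ID, and the server decrypts with the bound ID and compares the result against its stored reference. Assumptions: the sum is 128-bit integer addition modulo 2^128, the cipher the patent leaves unnamed is replaced by a hash-derived XOR keystream so the block runs with the standard library only, and the module names, contents and key ID are constructed.

```python
import hashlib
import hmac

MASK128 = (1 << 128) - 1


def summed_module_hash(modules):
    """MD5 each module image and add the digests as 128-bit integers."""
    total = 0
    for image in modules.values():
        digest = hashlib.md5(image).digest()
        total = (total + int.from_bytes(digest, "big")) & MASK128
    return total.to_bytes(16, "big")


def keystream_xor(key, data):
    """Stand-in symmetric cipher (assumption): XOR with SHA-256(key || n).

    Applying it twice with the same key returns the input, so the same
    function serves as encrypt (client) and decrypt (server).
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_integrity_info(modules, usbkey_id):
    """Step (6): hash, sum, then encrypt under the USBKEY's unique ID."""
    return keystream_xor(usbkey_id, summed_module_hash(modules))


class IntegrityVerifier:
    """Step (7): the authentication server's side of the check."""

    def __init__(self, usbkey_ids, reference_sum):
        self.usbkey_ids = usbkey_ids        # username -> bound USBKEY ID
        self.reference_sum = reference_sum  # sum over the original modules

    def verify(self, username, blob):
        key = self.usbkey_ids.get(username)
        if key is None or len(blob) != len(self.reference_sum):
            return False                    # unknown user or malformed blob
        recovered = keystream_xor(key, blob)
        return hmac.compare_digest(recovered, self.reference_sum)


# Constructed stand-ins for the four client executables and a key ID.
MODULES = {
    "dot1x_auth.exe": b"\x4d\x5a" + b"auth module v1" * 8,
    "nic_monitor.exe": b"\x4d\x5a" + b"nic monitor v1" * 8,
    "usbkey_monitor.exe": b"\x4d\x5a" + b"usbkey monitor v1" * 8,
    "pfe.sys": b"\x4d\x5a" + b"packet filter v1" * 8,
}
ALICE_KEY_ID = b"USBKEY-0001-CONSTRUCTED"

if __name__ == "__main__":
    verifier = IntegrityVerifier({"alice": ALICE_KEY_ID},
                                 summed_module_hash(MODULES))
    print(verifier.verify("alice",
                          client_integrity_info(MODULES, ALICE_KEY_ID)))
    patched = dict(MODULES, **{"pfe.sys": MODULES["pfe.sys"] + b"\x90"})
    print(verifier.verify("alice",
                          client_integrity_info(patched, ALICE_KEY_ID)))
```

As described, the value depends only on the module files and the USBKEY ID, so it is identical on every run; mixing a fresh server challenge into the hashed input makes each value single-use, and SHA-256 is the usual replacement for MD5 today.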
The above is only a preferred embodiment of the present invention; all equivalent changes and modifications made within the scope of the claims of this application shall fall within the scope of the present invention.
Claims (3)
1. An access control system based on 802.1x, characterized in that it comprises a client system, an authentication server and an authenticator system, the client system comprising:
An 802.1x authentication module, responsible for interacting with the authenticator system and the authentication server, sending and receiving authentication information, and completing user authentication and access control;
A network access device monitoring module, responsible for monitoring state changes of the client's network access device and notifying the 802.1x authentication module;
A USBKEY monitoring module, responsible for obtaining USBKEY state change information and the authentication information in the USBKEY, and notifying the 802.1x authentication module;
A packet filtering engine, which implements user-level fine-grained network access control through packet filtering;
A client integrity detection module, responsible for checking the integrity of each client module and ensuring that the user cannot perform 802.1x authentication with an unauthenticated or modified client.
2. The access control system based on 802.1x according to claim 1, characterized in that the workflow of the packet filtering engine comprises: after the client system passes authentication, the authentication server extracts from the user control policy database the authentication policy bound to that authenticated user, encapsulates it in a datagram, and returns it through the authenticator system to the 802.1x authentication module; the 802.1x authentication module sends the network access control policy portion of the authentication policy to the PFE through the communication interface between the 802.1x authentication module and the PFE; the PFE sets packet filtering rules according to the network access control policy it receives and filters the packets sent and received by the specific user on the client according to those rules.
3. The access control system based on 802.1x according to claim 1, characterized in that the detection process of the client integrity detection module comprises:
(1) The user uses the 802.1x authentication module to initiate a connection request, that is, to send an EAPOL-Start message to the authenticator system;
(2) After the authenticator system receives the authentication request, it sends an EAP-Request/Identity message to the client system, requiring the 802.1x authentication module to send the username entered by the user;
(3) The 802.1x authentication module responds to the authenticator system's request and sends the username to the authenticator system in an EAP-Response/Identity message;
(4) After the authentication server receives the username forwarded by the authenticator system, it determines, from the username, the USBKEY authentication information bound to that user;
(5) The authenticator system sends an EAP-Request/Notification message to the client, requiring the client to send the integrity detection information produced by the client integrity detection module;
(6) The 802.1x authentication module responds to the authenticator system's request: it first uses the MD5 algorithm to compute the hash values of the executable files of the 802.1x authentication module, the network access device monitoring module, the USBKEY monitoring module and the packet filtering engine, then sums the hash values of the modules, then encrypts the result of the hash computation using the unique ID stored in the USBKEY as the key to generate the integrity detection information, and encapsulates the integrity detection information in an EAP-Response/Notification message, which the authenticator system forwards to the authentication server;
(7) After the authentication server receives the integrity detection message, it uses the username sent by the client system to look up, in the authentication server database, the ID of the USBKEY bound to the user, decrypts using the USBKEY ID as the key, and compares the integrity detection information with the hash value of the original modules stored on the authentication server. If they are the same, the modules have not been changed, integrity detection passes, and subsequent operations continue; otherwise the modules have been illegally changed and the authentication server terminates its interaction with the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010228710 CN101867588A (en) | 2010-07-16 | 2010-07-16 | Access control system based on 802.1x |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010228710 CN101867588A (en) | 2010-07-16 | 2010-07-16 | Access control system based on 802.1x |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101867588A true CN101867588A (en) | 2010-10-20 |
Family
ID=42959153
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201010228710 Pending CN101867588A (en) | 2010-07-16 | 2010-07-16 | Access control system based on 802.1x |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101867588A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102271133A (en) * | 2011-08-11 | 2011-12-07 | 北京星网锐捷网络技术有限公司 | Authentication method, device and system |
CN104935441A (en) * | 2015-06-30 | 2015-09-23 | 京东方科技集团股份有限公司 | Authentication method and relevant devices and systems |
CN106209778A (en) * | 2016-06-26 | 2016-12-07 | 厦门天锐科技股份有限公司 | A kind of network admittance system and method based on NDIS filtration drive |
CN107294952A (en) * | 2017-05-18 | 2017-10-24 | 四川新网银行股份有限公司 | A kind of method and system for realizing zero terminal network access |
CN108027851A (en) * | 2015-07-14 | 2018-05-11 | 优捷达公司 | Client communication system including service pipelining |
CN108475045A (en) * | 2016-01-26 | 2018-08-31 | Wago管理有限责任公司 | System and method for the module of technical equipment and for implementing technical process |
CN111083132A (en) * | 2019-12-11 | 2020-04-28 | 北京明朝万达科技股份有限公司 | Safe access method and system for web application with sensitive data |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101022360A (en) * | 2007-03-16 | 2007-08-22 | 北京工业大学 | Local network safety management method based on IEEE 802.1X protocol |
US20090327723A1 (en) * | 2005-04-19 | 2009-12-31 | Christopher Yates | Secure transfer of digital objects |
-
2010
- 2010-07-16 CN CN 201010228710 patent/CN101867588A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090327723A1 (en) * | 2005-04-19 | 2009-12-31 | Christopher Yates | Secure transfer of digital objects |
CN101022360A (en) * | 2007-03-16 | 2007-08-22 | 北京工业大学 | Local network safety management method based on IEEE 802.1X protocol |
Non-Patent Citations (3)
Title |
---|
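Journal of Fuzhou University (Natural Science Edition) 20100628 Qiu Qirong et al. "Design of an Intranet Security Monitoring System Based on a USB Security Lock" 383~386 1-3 Vol. 38, No. 3 * |
Computer Engineering 20070630 Dong Zhenliang et al. "Design of the Authentication Module of an Intranet Security Management System Based on 802.1X" 193~195 1-3 Vol. 33, No. 12 * |
Computer Applications 20030630 Wan Haishan et al. "Using a USB KEY to Control Windows 2000/NT Boot Logon" 254~255 1-3 Vol. 23, * |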
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102271133B (en) * | 2011-08-11 | 2014-11-26 | 北京星网锐捷网络技术有限公司 | Authentication method, device and system |
CN102271133A (en) * | 2011-08-11 | 2011-12-07 | 北京星网锐捷网络技术有限公司 | Authentication method, device and system |
CN104935441A (en) * | 2015-06-30 | 2015-09-23 | 京东方科技集团股份有限公司 | Authentication method and relevant devices and systems |
CN108027851A (en) * | 2015-07-14 | 2018-05-11 | 优捷达公司 | Client communication system including service pipelining |
CN108027851B (en) * | 2015-07-14 | 2023-08-08 | 优捷达公司 | Customer communication system including service pipeline |
US11036213B2 (en) | 2016-01-26 | 2021-06-15 | Wago Verwaltungsgesellschaft Mbh | Module for a technical installation and system and method for carrying out a technical process |
CN108475045A (en) * | 2016-01-26 | 2018-08-31 | Wago管理有限责任公司 | System and method for the module of technical equipment and for implementing technical process |
CN108475045B (en) * | 2016-01-26 | 2022-05-03 | Wago管理有限责任公司 | Module for a technical installation and system and method for carrying out a technical process |
CN106209778B (en) * | 2016-06-26 | 2019-06-28 | 厦门天锐科技股份有限公司 | A kind of network admittance system and method based on NDIS filtration drive |
CN106209778A (en) * | 2016-06-26 | 2016-12-07 | 厦门天锐科技股份有限公司 | A kind of network admittance system and method based on NDIS filtration drive |
CN107294952A (en) * | 2017-05-18 | 2017-10-24 | 四川新网银行股份有限公司 | A kind of method and system for realizing zero terminal network access |
CN111083132A (en) * | 2019-12-11 | 2020-04-28 | 北京明朝万达科技股份有限公司 | Safe access method and system for web application with sensitive data |
CN111083132B (en) * | 2019-12-11 | 2022-02-18 | 北京明朝万达科技股份有限公司 | Safe access method and system for web application with sensitive data |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100591011C (en) | Identification method and system | |
US8266683B2 (en) | Automated security privilege setting for remote system users | |
US8327142B2 (en) | System and method for facilitating secure online transactions | |
CN101453458B (en) | Personal identification process for dynamic cipher password bidirectional authentication based on multiple variables | |
TWI543574B (en) | Method for authenticatiing online transactions using a browser | |
CN101163000B (en) | Secondary authentication method and system | |
US20100217975A1 (en) | Method and system for secure online transactions with message-level validation | |
CN101599967B (en) | Authorization control method and system based on 802.1x authentication system | |
CN109359464B (en) | Wireless security authentication method based on block chain technology | |
CN101986598B (en) | Authentication method, server and system | |
CN101867588A (en) | Access control system based on 802.1x | |
CN112436940B (en) | Internet of things equipment trusted boot management method based on zero-knowledge proof | |
CN101075869B (en) | Method for realizing network certification | |
CN104901940A (en) | 802.1X network access method based on combined public key cryptosystem (CPK) identity authentication | |
CN102307099A (en) | Authentication method and system as well as authentication server | |
Ande et al. | SSO mechanism in distributed environment | |
CN101047502B (en) | Network authorization method | |
KR101510290B1 (en) | Apparatus for implementing two-factor authentication into vpn and method for operating the same | |
CN101272379A (en) | Improving method based on IEEE802.1x safety authentication protocol | |
CN102271120A (en) | Trusted network access authentication method capable of enhancing security | |
CN101764788B (en) | Safe access method based on extended 802.1x authentication system | |
CN114764492A (en) | SDP access control method and system based on block chain | |
CN109639695A (en) | Dynamic identity authentication method, electronic equipment and storage medium based on mutual trust framework | |
US10979226B1 (en) | Soft-token authentication system with token blocking after entering the wrong PIN | |
Cisco | Security Setup |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20101020 |