CN102148691A - Distributed intrusion detection system and connecting method of centralized management in same - Google Patents
Distributed intrusion detection system and connecting method of centralized management in same Download PDFInfo
- Publication number
- CN102148691A CN102148691A CN2010101091955A CN201010109195A CN102148691A CN 102148691 A CN102148691 A CN 102148691A CN 2010101091955 A CN2010101091955 A CN 2010101091955A CN 201010109195 A CN201010109195 A CN 201010109195A CN 102148691 A CN102148691 A CN 102148691A
- Authority
- CN
- China
- Prior art keywords
- management control
- control center
- detection engine
- engine
- described detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Alarm Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a distributed intrusion detection system and a connecting method of centralized management in the same, improving the security of a detection engine in the distributed intrusion detection system. The method mainly comprises the following steps of: starting a monitoring opening by a management control center; detecting the management control center by the detection engine; sending an identity authentication request to the management control center by the detection engine for identity authentication; and establishing communication connection between the detection engine and the management control center after the management control center is authenticated. Compared with the prior art, the technical scheme provided by the invention greatly lowers the communication management complexity of the distributed intrusion detection system, improves the security of the detection engine and reduces the workload of a system administrator.
Description
Technical field
The present invention relates to computer network field, relate in particular to the method for attachment of centralized management in a kind of DIDS and this system.
Background technology
In DIDS, detect engine and be distributed on the different node of network, to the centralized management of these engines be whole system effectively the key of running guarantee.Therefore, each detects that engine need (Control Center CC) carries out effective communication, various administration configuration orders of receiving management control centre etc., and report alarm log etc. to management control center with management control center.
Chang Yong DIDS generally adopts by management control center active joint detection engine in the market, can only accept connection passively and detect engine.Under this communication mode, detect engine and need start at least one monitor port, wait for the connection of management control center.Mainly there is following limitation in this communication mode:
(1) detects engine and need start monitor port, to wait for the connection of management control center.Some Malwares also can obtain these monitor ports, thereby launch a offensive to detecting engine, cause the engine denial of service, even the behavior of meeting Control Engine, make the system of protecting network safety itself become dangerous.
(2) because the detection engine is the connection of accepting management control center passively, so after only on management control center connects, detecting engine could real playing a role, and promptly according to the instruction executable operations of management control center, and reports the situation of institute's monitoring network.In case and management control center does not initiatively initiate to be connected with detecting engine, when perhaps causing to connect with engine, then detect the effect that engine has also lost network monitor owing to the management control center self problem.
(3) management control center must know that the address of detecting engine could connect with it.In DIDS, a management control center may need to manage a large amount of detection engines, and these engines also may dynamically reduce or increase, so detect the workload that Engine Address connects can increase the keeper for specifying.
Summary of the invention
Technical problem to be solved by this invention is to provide the method for attachment of centralized management in a kind of DIDS and this system, to improve the fail safe that detects engine in the DIDS.
In order to solve the problems of the technologies described above, the present invention at first provides the method for attachment of centralized management in a kind of DIDS, and described DIDS comprises management control center and detect engine that wherein, this method comprises:
Described management control center starts monitor port;
Described detection engine is surveyed described management control center;
Described detection engine sends ID authentication request to carry out authentication to described management control center;
Described management control center by described authentication after, described detection engine is set up communication with described management control center and is connected.
Preferably, this method further comprises:
On described management control center, maximum number of connections is set, after the quantity of the described detection engine that connects reaches described maximum number of connections, no longer accepts the connection that all the other detect engine.
Preferably, this method further comprises:
Configuration management control centre tabulation on described detection engine, the management control center that described management control center list records has described detection engine to connect, described detection engine sends described ID authentication request according to described management control center tabulation to described management control center.
Preferably, described management control center tabulation records the connection priority of each management control center, and described detection engine sends described ID authentication request according to the order of described connection priority to described management control center.
Preferably, described detection engine carries out the step of described authentication, comprising: described detection engine carries out the authentification failure record with described management control center authentification failure the time, skip described management control center during subsequent probe.
In order to solve the problems of the technologies described above, the present invention also provides a kind of DIDS, and comprise management control center and detect engine, wherein:
Described management control center is used to start monitor port, described detection engine is carried out authentication after receiving the ID authentication request that described detection engine sends;
Described detection engine is used to survey described management control center, sends described ID authentication request to described management control center, and after described authentication is passed through, sets up communication with described management control center and be connected.
Preferably, further be provided with maximum number of connections on the described management control center, after the quantity of the described detection engine that connects reaches described maximum number of connections, no longer accept the connection that all the other detect engine.
Preferably, dispose the management control center tabulation on the described detection engine, the management control center that described management control center list records has described detection engine to connect, described detection engine sends described ID authentication request according to described management control center tabulation to described management control center.
Preferably, described detection engine sends described ID authentication request according to the order of connection priority to described management control center;
Wherein, the described connection priority of each management control center is documented in the described management control center tabulation of disposing on the described detection engine.
Preferably, described detection engine is further used for carrying out the authentification failure record with described management control center authentification failure the time, skips described management control center during subsequent probe.
Compared with prior art, technical solution of the present invention greatly reduces the complexity of DIDS communication management, has improved and has detected the fail safe of engine, and reduced system manager's workload.
Other advantages of the present invention, target, to set forth in the following description to a certain extent with feature, and to a certain extent,, perhaps can obtain instruction from the practice of the present invention based on being conspicuous to those skilled in the art to investigating hereinafter.Target of the present invention and other advantages can be passed through following specification, claims, and the specifically noted structure realizes and obtains in the accompanying drawing.
Description of drawings
Accompanying drawing is used to provide further understanding of the present invention, and constitutes the part of specification, is used from explanation the present invention with embodiments of the invention one, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the schematic flow sheet of centralized management method of attachment embodiment of the present invention;
Fig. 2 is the schematic flow sheet of centralized management method of attachment application example of the present invention;
Fig. 3 transmits schematic diagram for composition and the message of DIDS embodiment of the present invention.
Embodiment
Describe embodiments of the present invention in detail below with reference to drawings and Examples, how the application technology means solve technical problem to the present invention whereby, and the implementation procedure of reaching technique effect can fully understand and implements according to this.
Need to prove that if do not conflict, each feature among the embodiment of the invention and the embodiment can mutually combine, all within protection scope of the present invention.In addition, can in computer system, carry out in the step shown in the flow chart of accompanying drawing such as a set of computer-executable instructions, and, though there is shown logical order in flow process, but in some cases, can carry out step shown or that describe with the order that is different from herein.
The core concept of technical solution of the present invention is, sets up monitoring service by management control center, waits the connection of engine to be detected; Detect then active probe management control center of engine,, then register and connect, accept the management of management control center and report the situation of institute's monitoring network to management control center to it if find to exist legal management control center.
Fig. 1 is the schematic flow sheet of centralized management method of attachment embodiment of the present invention, and this centralized management method of attachment is mainly used in the DIDS and sets up effective communication between the management control center and detection engine.As shown in Figure 1, this centralized management method of attachment is implemented mainly to comprise the steps:
Step S110, management control center start monitor port, starting monitoring service, and etc. the connection of engine to be detected;
Management control center need operate on the main frame that can connect network, and starts the monitor port of an appointment, waits the connection of engine to be detected;
Management control center can set in advance the maximum number of connections that this machine can be managed, and after the quantity of the detection engine that connects reaches this maximum number of connections, no longer accepts the more connection that detects engine.
Step S120 detects engine and surveys legal management control center;
Detect and dispose management control center tabulation, all management control centers that this list records has this detection engine to connect on the engine;
In this management control center tabulation, record the connection priority and the attribute information of each management control center; When wherein this connection priority is represented to detect engine start, the priority of connection management control centre; Wherein this attribute information is such as the address that comprises management control center, port, version number, position and other descriptor.
Step S130 detects engine and sends ID authentication request to carry out authentication to management control center;
When detect engine set up with being connected of management control center after, send the ID authentication request of detection engine self to management control center, carry out authentication to the management control center request, the connection of having only authentication to pass through could be set up normal communication.
Step S140, after authentication was passed through, the detection engine was set up communication with management control center and is connected.
Detect after engine and the management control center authentication success, mean that detecting engine has set up legal normal communication with this management control center and concern, detect engine and can accept the management of management control center, and report the log information of institute's monitoring network to management control center.
Among the above-mentioned steps S120, when detecting engine start, the preferential the highest management control center of connection priority of surveying, if can connect and by authentication, then set up the normal communication with the highest this management control center of connection priority, accept the management of this highest management control center of connection priority, otherwise according to the connection priority order, survey other management control centers, until finding a legal management control center, and set up communication with it.
Among the above-mentioned steps S130,, then can in the management control center tabulation, carry out the authentification failure record if detect engine and certain management control center authentification failure; During the subsequent probe management control center, can skip these management control centers of crossing of authentification failure once, improve the efficient of surveying.
After communication is set up, no matter detect engine and still be management control center and can initiatively disconnect and being connected of the other side, the other side perhaps is set is illegal node, no longer set up the communication relation later on the other side.
When a plurality of detection engines are set up normal communication when being connected with a management control center simultaneously, management control center just can be managed these concentratedly and be detected engine, and need not know in advance that these detect the information of engine, management control center only utilizes the authentication information when connecting to determine whether including the centralized management of oneself in detecting engine.
Fig. 2 is the schematic flow sheet of centralized management method of attachment application example of the present invention.Should use in the example, the IP address is that two main frames of 192.168.0.2 and 192.168.0.3 are disposed management control center, wherein the IP address is that the main frame of 192.168.0.2 is disposed first management control center, and the IP address is that the main frame of 192.168.0.3 is disposed second management control center; Detecting engine has 5, be respectively first detect engine E1, second detect engine E2 ..., the 5th detect engine E5.
In conjunction with method embodiment shown in Figure 1, application example shown in Figure 2 mainly comprises the steps:
Step S210, difference operational management control centre's module (promptly moving first management control center and second management control center) on two main frames, and the monitor port service of startup appointment, monitor port is 50000;
Wherein, the first management control center maximum can be managed 3 detection engines, and the second management control center maximum can be managed 10 detection engines;
Step S220, configuration authentication strategy on first and second management control center, this authentication strategy can be formulated and adjust according to actual conditions;
" character string (promptly this character string is authentication information) carry out authentication;
When management control center receives this character string, both thought that the detection engine that sends this character string was a legal detection engine, and authentication is passed through;
Step S230 is deployed in 5 detection engines respectively on the different network nodes, and is every attachable management control center tabulation of detection engine configuration;
For convenience of explanation, can make the configuration of 5 detection engines identical; Below every row represent a management control center, the form that management control center is tabulated is { ip; Port; Version; Position; Memo}, detailed configured list is as follows:
{192.168.0.2;50000;1.0.0;heaven;very?happy};
{192.168.0.3;50000;1.0.1;hell;very?sad};
Step S240 starts 5 detection engines, and these 5 detection engines are tabulated based on management control center, preferentially connect first management control center;
" character string to be to carry out authentication;
" character string, according to the authentication strategy the first detection engine E1, the second detection engine E2 and the 3rd are detected engine E3 and carry out authentication;
" character string is authenticated passes through;
Step S270, the first detection engine E1, second detects engine E2 and the 3rd detection engine E3 has set up legal communication relation with first management control center respectively, promptly accept the centralized management of this first management control center, and to this first management control center report network log information;
Step S280, the 4th detection engine E4 and the 5th detect engine E5 and preferentially carry out authentication to first management control center transmission authentication information with request; Because the first management control center maximum can only be managed 3 detection engines, therefore the 4th detect engine E4 and the 5th and detect engine E5 and can only abandon and being connected of first management control center, then send i.e. " the I am a superman! of authentication information to second management control center " character string;
" character string is by detecting the authentication that engine E4 and the 5th detects engine E5 to the 4th; and with the 4th detect engine E4 and the 5th and detect engine E5 and set up legal communication relation; the 4th detects engine E4 and the 5th detects the centralized management that engine E5 accepts this second administrative center, and to this second management control center report network log information.
Should if cause the first management control center run-time error for a certain reason, then can disconnect with the first detection engine E1, second and detect the communication of setting up before engine E2 and the 3rd detection engine E3 with in the example.When first detects engine E1, second and detects engine E2 or the 3rd and detect engine E3 and find that normal communication with first management control center disconnects, then can seek in the management control center tabulation remaining management control center promptly second management control center to connect; After second management control center passes through first authentication that detects engine E1, the second detection engine E2 and the 3rd detection engine E3, the first detection engine E1, the second detection engine E2 or the 3rd detection engine E3 promptly set up the legal communication with second management control center, and accept the management of this second management control center, to this second management control center report network log information.
Fig. 3 transmits schematic diagram for composition and the message of DIDS embodiment of the present invention.With reference to aforementioned method embodiment shown in Figure 1 and method application example shown in Figure 2, DIDS embodiment of the present invention mainly comprises management control center 310 and detection engine 3 20, wherein:
This management control center 310 is used to start monitor port, this detection engine 3 20 is carried out authentication after receiving the ID authentication request that this detection engine 3 20 sends;
This detects engine 3 20, is used to survey this management control center 310, sends this ID authentication request to this management control center 310, and after this authentication is passed through, sets up communication with this management control center 310 and be connected.
Wherein, further be provided with maximum number of connections on this management control center 310, after the quantity of this detection engine 3 20 that connects reaches this maximum number of connections, no longer accept the connection that all the other detect engine 3 20.
Wherein, dispose management control center 310 tabulations on this detection engine 3 20, the management control center 310 that these management control center 310 list records have this detection engine 3 20 to connect, this detects engine 3 20 and sends this ID authentication request according to these management control center 310 tabulations to this management control center 310.
Wherein, this detection engine 3 20 sends these ID authentication request according to the order of connection priority to this management control center 310; Wherein, this connection priority of each management control center 310 is documented in these management control center 310 tabulations of configuration on this detection engine 3 20.
Wherein, this detection engine 3 20 is further used for carrying out the authentification failure record with these management control center 310 authentification failures the time, skips this management control center 310 during subsequent probe.
Technical solution of the present invention has realized the load balance of management control center.In detecting the more application of engine, if most of engine that detects all is connected to a management control center, then can cause this management control center load excessive, reduced treatment effeciency.Adopt technical solution of the present invention, in the application that is deployed with a plurality of management control centers,, can avoid detecting the generation that engine is concentrated the situation on certain several management control center that is connected by for management control center is provided with maximum number of connections.When initiate detection engine is surveyed management control center, reached the maximum number of connections that sets in advance if find this management control center, then can abandon and being connected of this management control center, carry out the detection of next control centre, up to finding a suitable management control center.
Technical solution of the present invention has realized the Hot Spare of management control center.Find and the management control center that is connected can not normal communication the time when detecting engine, think that then fault has appearred in this management control center, can initiatively abandon communication relation with it, and then from management control center tabulation, seek next management control center that can legal communication, and accept the management of new management control centre, thereby avoid because the Single Point of Faliure of management control center causes the problem of a large amount of detection engine disablers.
Technical solution of the present invention has improved the fail safe that detects engine.Because detection engine initiatively connects with management control center,, reduced the risk of being attacked so detection engine does not need to start monitoring service.And in the process that detection engine and management control center connect, carried out strict authentication, avoided by the problem of other false main frame deception.
Technical solution of the present invention has realized the automation of communication management.Detect engine and survey management control center on one's own initiative, connect with it and carry out authentication, so management control center does not need to know in advance that each detects the information of engine, as long as verify the authentication information of detection engine according to certain certification policy.The automation logon mode of this detection engine has lowered keeper's workload greatly, and for the interpolation and the deletion that detect engine, can both dynamically adjust.
Need to prove, can in computer system, carry out in the step shown in the flow chart of accompanying drawing such as a set of computer-executable instructions, and, though there is shown logical order in flow process, but in some cases, can carry out step shown or that describe with the order that is different from herein.In addition, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with the general calculation device, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the storage device and carry out by calculation element, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
Though the disclosed execution mode of the present invention as above, the execution mode that described content just adopts for the ease of understanding the present invention is not in order to limit the present invention.Technical staff in any the technical field of the invention; under the prerequisite that does not break away from the disclosed spirit and scope of the present invention; can do any modification and variation what implement in form and on the details; but scope of patent protection of the present invention still must be as the criterion with the scope that appending claims was defined.
Claims (10)
1. the method for attachment of centralized management in the DIDS, described DIDS comprise management control center and detect engine, it is characterized in that this method comprises:
Described management control center starts monitor port;
Described detection engine is surveyed described management control center;
Described detection engine sends ID authentication request to carry out authentication to described management control center;
Described management control center by described authentication after, described detection engine is set up communication with described management control center and is connected.
2. the method for claim 1 is characterized in that, this method further comprises:
On described management control center, maximum number of connections is set, after the quantity of the described detection engine that connects reaches described maximum number of connections, no longer accepts the connection that all the other detect engine.
3. the method for claim 1 is characterized in that, this method further comprises:
Configuration management control centre tabulation on described detection engine, the management control center that described management control center list records has described detection engine to connect, described detection engine sends described ID authentication request according to described management control center tabulation to described management control center.
4. method as claimed in claim 3 is characterized in that:
Described management control center tabulation records the connection priority of each management control center, and described detection engine sends described ID authentication request according to the order of described connection priority to described management control center.
5. the method for claim 1 is characterized in that, described detection engine carries out the step of described authentication, comprising:
Described detection engine carries out the authentification failure record with described management control center authentification failure the time, skip described management control center during subsequent probe.
6. a DIDS comprises management control center and detects engine, it is characterized in that:
Described management control center is used to start monitor port, described detection engine is carried out authentication after receiving the ID authentication request that described detection engine sends;
Described detection engine is used to survey described management control center, sends described ID authentication request to described management control center, and after described authentication is passed through, sets up communication with described management control center and be connected.
7. system as claimed in claim 6 is characterized in that:
Further be provided with maximum number of connections on the described management control center, after the quantity of the described detection engine that connects reaches described maximum number of connections, no longer accept the connection that all the other detect engine.
8. system as claimed in claim 6 is characterized in that:
Dispose the management control center tabulation on the described detection engine, the management control center that described management control center list records has described detection engine to connect, described detection engine sends described ID authentication request according to described management control center tabulation to described management control center.
9. system as claimed in claim 8 is characterized in that:
Described detection engine sends described ID authentication request according to the order of connection priority to described management control center;
Wherein, the described connection priority of each management control center is documented in the described management control center tabulation of disposing on the described detection engine.
10. system as claimed in claim 6 is characterized in that:
Described detection engine is further used for carrying out the authentification failure record with described management control center authentification failure the time, skips described management control center during subsequent probe.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010109195.5A CN102148691B (en) | 2010-02-08 | 2010-02-08 | Distributed intrusion detection system and connecting method of centralized management in same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010109195.5A CN102148691B (en) | 2010-02-08 | 2010-02-08 | Distributed intrusion detection system and connecting method of centralized management in same |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102148691A true CN102148691A (en) | 2011-08-10 |
| CN102148691B CN102148691B (en) | 2015-04-29 |
Family
ID=44422712
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010109195.5A Expired - Fee Related CN102148691B (en) | 2010-02-08 | 2010-02-08 | Distributed intrusion detection system and connecting method of centralized management in same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102148691B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102594620A (en) * | 2012-02-20 | 2012-07-18 | 南京邮电大学 | Linkable distributed network intrusion detection method based on behavior description |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101018155A (en) * | 2007-02-08 | 2007-08-15 | 华为技术有限公司 | Network element management method, system and network element |
| CN101039225A (en) * | 2007-04-04 | 2007-09-19 | 北京佳讯飞鸿电气有限责任公司 | Method for realizing data safe transmission of distribution cooperating intrusion detection system |
| CN101094122A (en) * | 2007-08-17 | 2007-12-26 | 中兴通讯股份有限公司 | Monitoring system and method in use for WiMAX network |
| CN101179573A (en) * | 2007-10-24 | 2008-05-14 | 中兴通讯股份有限公司 | Method of implementing online dynamic updating server software configuration information |
| CN101365014A (en) * | 2008-04-30 | 2009-02-11 | 华中科技大学 | Distributed adaptive listening system, generation and monitor control method |
-
2010
- 2010-02-08 CN CN201010109195.5A patent/CN102148691B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101018155A (en) * | 2007-02-08 | 2007-08-15 | 华为技术有限公司 | Network element management method, system and network element |
| CN101039225A (en) * | 2007-04-04 | 2007-09-19 | 北京佳讯飞鸿电气有限责任公司 | Method for realizing data safe transmission of distribution cooperating intrusion detection system |
| CN101094122A (en) * | 2007-08-17 | 2007-12-26 | 中兴通讯股份有限公司 | Monitoring system and method in use for WiMAX network |
| CN101179573A (en) * | 2007-10-24 | 2008-05-14 | 中兴通讯股份有限公司 | Method of implementing online dynamic updating server software configuration information |
| CN101365014A (en) * | 2008-04-30 | 2009-02-11 | 华中科技大学 | Distributed adaptive listening system, generation and monitor control method |
Non-Patent Citations (1)
| Title |
|---|
| 李士林等: "入侵检测系统的设计与实现", 《网络安全技术与应用》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102594620A (en) * | 2012-02-20 | 2012-07-18 | 南京邮电大学 | Linkable distributed network intrusion detection method based on behavior description |
| CN102594620B (en) * | 2012-02-20 | 2014-06-04 | 南京邮电大学 | Linkable distributed network intrusion detection method based on behavior description |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102148691B (en) | 2015-04-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103391216B (en) | A kind of illegal external connection is reported to the police and blocking-up method | |
| US20060015715A1 (en) | Automatically protecting network service from network attack | |
| US20090217353A1 (en) | Method, system and device for network access control supporting quarantine mode | |
| CN102842001B (en) | System and method for detecting computer security information based on U disc authentication | |
| WO2010003317A1 (en) | Device, method and system for preventing web page from being tampered | |
| KR100788256B1 (en) | System for monitoring web server fablication using network and method thereof | |
| CN102882676A (en) | Method and system for equipment to safely access Internet of things | |
| CN111353151B (en) | Vulnerability detection method and device for network application | |
| CN113221093B (en) | Single sign-on system, method, equipment and product based on block chain | |
| CN106254329A (en) | For the method protecting computer network security | |
| CN102740296A (en) | Trusted network access method and system for mobile terminal | |
| CN112596874A (en) | Information processing method and electronic equipment | |
| CN110677391B (en) | Third-party link verification method based on URL Scheme technology and related equipment | |
| US20240064021A1 (en) | Access control method, apparatus, network side device, terminal and blockchain node | |
| CN103888288A (en) | Registration method, administrator, register and system | |
| CN107395768B (en) | Double-machine self-adaptive load balancing method for file secure transmission | |
| CN102148691B (en) | Distributed intrusion detection system and connecting method of centralized management in same | |
| US11641350B2 (en) | Information processing method and information processing system for encryption machine | |
| CN106302409A (en) | The electric data transmission method of cross-safety zone | |
| JP5736346B2 (en) | Virtualization device, virtualization control method, virtualization device control program | |
| CN110380865B (en) | Single sign-on method, device, medium and equipment of multi-node management system | |
| CN107770200A (en) | A kind of storage system process access safety guard method and system | |
| CN116029729B (en) | Cross-link method and system based on dynamic access application link management contract mode | |
| CN115051851B (en) | User access behavior management and control system and method in scene of internet of things | |
| CN113949583B (en) | Security verification method for access of Internet of things equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150429 Termination date: 20190208 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |