CN103109510A - Resource safety access method and device - Google Patents

Publication number
CN103109510A
CN103109510A CN2012800017887A CN201280001788A CN103109510A CN 103109510 A CN103109510 A CN 103109510A CN 2012800017887 A CN2012800017887 A CN 2012800017887A CN 201280001788 A CN201280001788 A CN 201280001788A CN 103109510 A CN103109510 A CN 103109510A
Authority
CN
China
Prior art keywords
resource
user
stored
list
authorization result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012800017887A
Other languages
Chinese (zh)
Inventor
曹志源
戴明毅
张战兵
陈爱平
虞景和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of CN103109510A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a resource security access method and device, relating to the field of communication and information technology. The invention verifies the user's identity authentication information and the browser software digest, so that the user can access server resources securely and the server resources are protected. The method includes: acquiring the user's identity authentication information and the browser software digest; if the identity authentication information matches the corresponding user information pre-stored in the user trust list, and the browser software digest matches the corresponding browser software digest information pre-stored in the browser trust list, generating an authorization result for the user; displaying the accessible resource list, so that the user can input an access instruction according to the accessible resource list; and acquiring the pre-stored resource or the server resource indicated by the access instruction.

Description

Resource security access method and device
Technical field
The present invention relates to the field of communication and information technology, and in particular to a resource security access method and device.
Background
With the rapid development of integrated circuit technology, the mobile terminal has gained powerful processing capability and has turned from a simple calling tool into an integrated information processing platform. In recent years, more and more enterprises have chosen to let mobile terminals access the corporate intranet for mobile office work, in order to improve employee efficiency and take full advantage of the convenience of the mobile Internet. Web pages are the main carrier of enterprise information technology services: most enterprise services offer a web application, for example the enterprise portal, the office automation system, mail, enterprise resource planning, customer relationship management and the financial system, all of which provide web services so that users can access them from all kinds of terminals. Service access through browser web pages has therefore gradually become the main form of enterprise office work, and with the rise of HTML5 (Hypertext Markup Language, version 5) the spread of web applications will become even more pronounced, so the security requirements placed on web applications keep rising.
In the prior art, the common security technology for secure mobile terminal access is the VPN (Virtual Private Network). However, on the one hand, existing VPN technology needs advanced access privileges that must be granted by the operating system, so compatibility development is needed for different application vendors, which makes VPN technology poorly general; on the other hand, a VPN cannot exercise fine-grained access control, and enterprise data is not protected after it has been downloaded locally through the VPN, so there is a considerable risk of leakage.
Summary of the invention
Embodiments of the present invention provide a resource security access method, device and system that can verify a user's identity authentication information and a browser software digest, so that the user accesses server resources securely and the server resources are protected.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, an embodiment of the present invention provides a resource security access method, the method comprising:
obtaining a user's identity authentication information and a browser software digest;
if the identity authentication information matches the corresponding user information pre-stored in a user trust list, and the browser software digest matches the corresponding browser software digest information pre-stored in a browser trust list, generating an authorization result for the user, the authorization result comprising an accessible resource list;
displaying the accessible resource list, so that the user inputs an access instruction according to the accessible resource list;
obtaining the pre-stored resource or the server resource indicated by the access instruction.
In a first possible implementation, according to the first aspect, the method further comprises:
obtaining a hardware key identifier;
if the hardware key identifier matches the corresponding hardware key information pre-stored in a hardware key list, generating the authorization result for the user.
In a second possible implementation, in combination with the first aspect or the first possible implementation, the authorization result further comprises a resource usage policy;
wherein obtaining the pre-stored resource or the server resource indicated by the access instruction comprises:
obtaining the pre-stored resource or the server resource indicated by the access instruction according to the resource usage policy.
In a third possible implementation, in combination with the first aspect, the first possible implementation or the second possible implementation, the method further comprises:
if the access instruction input by the user is received after a predetermined period, not obtaining the server resource indicated by the access instruction.
In a fourth possible implementation, in combination with the first aspect or any of the first to third possible implementations, the method further comprises:
the authorization result further comprises user permission information, and the user permission information indicates whether the user is allowed to upload or download resources.
In a fifth possible implementation, in combination with the first aspect or any of the first to fourth possible implementations, the method further comprises:
the authorization result further comprises resource security access level information, and the resource security access level information indicates the level of the resources the user is allowed to download.
In a second aspect, an embodiment of the present invention further provides a resource security access device, the device comprising:
a local service module, configured to obtain a user's identity authentication information and a browser software digest, and to display the accessible resource list, so that the user inputs an access instruction according to the accessible resource list;
an authentication module, configured to generate an authorization result for the user if the identity authentication information matches the corresponding user information pre-stored in a user trust list and the browser software digest matches the corresponding browser software digest information pre-stored in a browser trust list, the authorization result comprising the accessible resource list;
a secure communication module, configured to obtain the pre-stored resource or the server resource indicated by the access instruction.
In a first possible implementation, according to the second aspect,
the local service module is further configured to obtain a hardware key identifier;
the authentication module is further configured to generate the authorization result for the user if the hardware key identifier matches the corresponding hardware key information pre-stored in a hardware key list.
In a second possible implementation, in combination with the second aspect or the first possible implementation, the authorization result further comprises a resource usage policy;
wherein the secure communication module is specifically configured to obtain the pre-stored resource or the server resource indicated by the access instruction according to the resource usage policy.
In a third possible implementation, in combination with the second aspect, the first possible implementation or the second possible implementation, the secure communication module is further configured not to obtain the server resource indicated by the access instruction if the access instruction input by the user is received after a predetermined period.
In a fourth possible implementation, in combination with the second aspect or any of the first to third possible implementations, the authorization result further comprises user permission information, and the user permission information indicates whether the user is allowed to upload or download resources.
In a fifth possible implementation, in combination with the second aspect or any of the first to fourth possible implementations, the authorization result further comprises resource security access level information, and the resource security access level information indicates the level of the resources the user is allowed to download.
In a third aspect, an embodiment of the present invention further provides a resource security accessor, the resource security accessor comprising:
a secure browser, configured to obtain a user's identity authentication information and a browser software digest, to display the accessible resource list so that the user inputs an access instruction according to the accessible resource list, and to obtain the pre-stored resource or the server resource indicated by the access instruction;
a security gateway, configured to generate an authorization result for the user if the identity authentication information matches the corresponding user information pre-stored in a user trust list and the browser software digest matches the corresponding browser software digest information pre-stored in a browser trust list, the authorization result comprising the accessible resource list.
In a first possible implementation, according to the third aspect,
the secure browser is further configured to obtain a hardware key identifier;
the security gateway is further configured to generate the authorization result for the user if the hardware key identifier matches the corresponding hardware key information pre-stored in a hardware key list.
In a second possible implementation, in combination with the third aspect or the first possible implementation, the authorization result further comprises a resource usage policy;
wherein the secure browser is specifically configured to obtain the pre-stored resource or the server resource indicated by the access instruction according to the resource usage policy.
In the resource security access method and device provided by the embodiments of the present invention, the user's identity authentication information and the browser software digest are obtained; if the identity authentication information matches the corresponding user information pre-stored in the user trust list, and the browser software digest matches the corresponding browser software digest information pre-stored in the browser trust list, an authorization result is generated for the user, the authorization result comprising an accessible resource list; the accessible resource list is displayed so that the user inputs an access instruction according to it; and the pre-stored resource or the server resource indicated by the access instruction is obtained. With this solution, because the user's identity authentication information, the browser software digest and the hardware key identifier are all authenticated, only users who pass authentication can access the server, so the user accesses server resources securely and the server resources are protected.
Description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first schematic flowchart of the resource security access method provided by an embodiment of the present invention;
Fig. 2 is a second schematic flowchart of the resource security access method provided by an embodiment of the present invention;
Fig. 3 is a first schematic structural diagram of the resource security access device provided by an embodiment of the present invention;
Fig. 4 is a second schematic structural diagram of the resource security access device provided by an embodiment of the present invention;
Fig. 5 is a third schematic structural diagram of the resource security access device provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the resource security accessor provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides a resource security access method. As shown in Fig. 1, the method comprises:
S101: The resource security access device obtains the user's identity authentication information and the browser software digest.
In the modern enterprise way of working, service access through browser web pages has gradually become the main form of enterprise office work. In the resource security access method proposed by the embodiment of the present invention, when the resource security access device is started by the user, it first reads the built-in user identity authentication page. The user needs to input identity authentication information through this page and inserts a hardware key as required. If a hardware key is inserted, the resource security access device automatically extracts the hardware key identifier. The hardware key of the embodiment of the present invention may be a small, high-speed and reliable storage device with cryptographic authentication functions that connects directly to a computer through USB (Universal Serial Bus).
It should be noted that, depending on the policy, the identity authentication information may be an account name and password set by the user; personal information such as the user's name, employee number or identity card number; or information such as a digital certificate or a dynamic password. A digital certificate is a set of data that identifies the identity of each communicating party in Internet communication and provides a way to verify a user's identity on the Internet; its role is similar to that of a driver's licence or an identity card in daily life. A dynamic password is a random combination of digits that changes according to a specific algorithm; its main generation forms are SMS, hardware token, handset token and dynamic password.
When the resource security access device is started by the user, it also reads the digest of the browser software the user is using. The browser software digest is an identifier of the browser, specifically a character string, from which the resource security access device can judge whether the browser has been rewritten by an illegal external operation and therefore poses a hidden danger.
S102: If the identity authentication information matches the corresponding user information pre-stored in the user trust list, and the browser software digest matches the corresponding browser software digest information pre-stored in the browser trust list, the resource security access device generates an authorization result for the user; the authorization result comprises an accessible resource list.
After obtaining the user's identity authentication information and the browser software digest, the resource security access device verifies each of them. It sends the obtained identity authentication information and browser software digest to its authentication module for authentication through a tunnel negotiated and established on the basis of SSL (Secure Sockets Layer). SSL is a security protocol that provides security and data integrity for network communication and encrypts network connections at the transport layer.
It should be noted that sending the obtained identity authentication information and browser software digest to the authentication module of the resource security access device is not limited to a tunnel established on the basis of the SSL protocol; the tunnel may also be established on the basis of other security protocols such as TLS (Transport Layer Security).
The resource security access device sends the obtained identity authentication information and browser software digest to its authentication module through the tunnel negotiated and established on the basis of SSL. If the identity authentication information matches the corresponding user information pre-stored in the user trust list, and the browser software digest matches the corresponding browser software digest information pre-stored in the browser trust list, the user has passed authentication and is therefore allowed to browse resources.
After the user has passed identity verification, the resource security access device generates the authorization result for the user. The authorization result comprises an accessible resource list, so that the user can access resources through the resource list.
S103: The resource security access device displays the accessible resource list, so that the user inputs an access instruction according to the accessible resource list.
After the user has passed identity verification, the resource security access device generates the authorization result for the user. The authorization result comprises the accessible resource list and a resource usage policy and is displayed to the user by the resource security access device, so that the user can input an access instruction through the resource list.
It should be added that the authorization result generated for the user comprises the accessible resource list, and that the resource list is shown to the user in the form of a resource bookmark page. The resource bookmarks are constructed from a resource page template built into the resource security access device. Bookmarks cover not only web page resources but also resources such as applications, desktops and virtual machines, so that the user can clearly and easily find the resource needed and then input an access instruction.
S104: The resource security access device obtains the pre-stored resource or the server resource indicated by the access instruction.
The resource security access device receives the access instruction input by the user and obtains the pre-stored resource or the server resource indicated by the access instruction.
It should be added that the pre-stored resource and the server resource indicated by the access instruction are different resource types: the resource security access device divides resources into offline resources and resources that the user needs to access online. A pre-stored resource is a resource the user can access offline, and a server resource is a resource the user needs to access online. Offline resources are resources that the resource security access device obtained from the server in advance and stored in the resource security access device.
If the server resource indicated by the access instruction is obtained, that is, a resource the user needs to access online, the server transmits the data through an encrypted tunnel based on a security protocol, and the resource is displayed to the user in a centralized manner.
In the resource security access method provided by the embodiment of the present invention, the user's identity authentication information and the browser software digest are obtained; if the identity authentication information matches the corresponding user information pre-stored in the user trust list, and the browser software digest matches the corresponding browser software digest information pre-stored in the browser trust list, an authorization result is generated for the user, the authorization result comprising an accessible resource list; the accessible resource list is displayed so that the user inputs an access instruction according to it; and the pre-stored resource or the server resource indicated by the access instruction is obtained. With this solution, because the user's identity authentication information, the browser software digest and the hardware key identifier are all authenticated, only users who pass authentication can access the server, so the user accesses server resources securely and the server resources are protected.
An embodiment of the present invention provides a resource security access method. As shown in Fig. 2, the method comprises:
S201: The resource security access device obtains the user's identity authentication information, the browser software digest and the hardware key identifier.
In the modern enterprise way of working, service access through browser web pages has gradually become the main form of enterprise office work; it improves employee efficiency and makes full use of the convenience of the Internet. In the resource security access method proposed by the embodiment of the present invention, when the resource security access device is started by the user, it first reads the built-in user identity authentication page. The user needs to input identity authentication information through this page and then inserts the hardware key, and the resource security access device automatically extracts the hardware key identifier. The hardware key of the embodiment of the present invention may be a small, high-speed and reliable storage device with cryptographic authentication functions that connects directly to a computer through USB.
It should be noted that, depending on the policy, the identity authentication information may be an account name and password set by the user; personal information such as the user's name, employee number or identity card number; or information such as a digital certificate or a dynamic password. A digital certificate is a set of data that identifies the identity of each communicating party in Internet communication and provides a way to verify a user's identity on the Internet; its role is similar to that of a driver's licence or an identity card in daily life. A dynamic password is a random combination of digits that changes according to a specific algorithm; its main generation forms are SMS, hardware token, handset token and dynamic password.
When the resource security access device is started by the user, it also reads the digest of the browser software the user is using. The browser software digest is an identifier of the browser, specifically a character string, from which the resource security access device can judge whether the browser has been rewritten by an illegal external operation and therefore poses a hidden danger.
S202: If the identity authentication information matches the corresponding user information pre-stored in the user trust list, the browser software digest matches the corresponding browser software digest information pre-stored in the browser trust list, and the hardware key identifier matches the corresponding hardware key information pre-stored in the hardware key list, the resource security access device generates an authorization result for the user; the authorization result comprises an accessible resource list and a resource usage policy.
After obtaining the user's identity authentication information, the browser software digest and the hardware key identifier, the resource security access device verifies each of them. It sends the obtained identity authentication information, browser software digest and hardware key identifier to its authentication module for authentication through a tunnel negotiated and established on the basis of SSL. SSL is a security protocol that provides security and data integrity for network communication and encrypts network connections at the transport layer.
It should be noted that sending the obtained identity authentication information, browser software digest and hardware key identifier to the authentication module of the resource security access device is not limited to a tunnel established on the basis of the SSL protocol; the tunnel may also be established on the basis of other security protocols such as TLS.
The resource security access device sends the obtained identity authentication information, browser software digest and hardware key identifier to its authentication module through the tunnel negotiated and established on the basis of SSL. If the identity authentication information matches the corresponding user information pre-stored in the user trust list, the browser software digest matches the corresponding browser software digest information pre-stored in the browser trust list, and the hardware key identifier matches the corresponding hardware key information pre-stored in the hardware key list, the user has passed authentication and is therefore allowed to browse resources.
After the user has passed identity verification, the resource security access device generates the authorization result for the user. The authorization result comprises an accessible resource list and a resource usage policy, so that the user can access resources through the resource list.
It should be added that the pre-stored resource and the server resource indicated by the access instruction are different resource types: the resource security access device divides resources into offline resources and resources that the user needs to access online. A pre-stored resource is a resource the user can access offline, and a server resource is a resource the user needs to access online. Offline resources are resources that the resource security access device obtained from the server in advance and stored in the resource security access device.
For example, the resource security access device divides the security level of all files into 10 levels according to the policy. User A is an employee of a company who is still in the internship period; the user permission information indicates that this user is not allowed to upload or download resources. User B is an ordinary employee of a company; the user permission information indicates that this user is allowed to upload and download resources, and the resource security access level information is level 3, that is, the level of resources the user is allowed to download is 3, which means that this user can download resources of levels 1, 2 and 3. User C is a manager of a company; the user permission information indicates that this user is allowed to upload and download resources, and the resource security access level information is level 10, that is, the level of resources the user is allowed to download is 10, which means that this user can download all resources.
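The S202 check and the level example above, as an added Python example that is not part of the patent text. It assumes the browser software digest is a SHA-256 hash of the browser binary, that passwords are stored as PBKDF2 records, that each hardware key is bound to one user, and that the predetermined period is 15 minutes; all names, credentials and key identifiers are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

VALID_PERIOD_S = 900          # assumption: "predetermined period" of 15 minutes
SALT = b"constructed-salt"    # constructed; a per-user random salt in practice
TRUSTED_BROWSER = b"constructed secure-browser build 1.0"  # stand-in for the binary


def browser_digest(image: bytes) -> str:
    """Digest of the browser software (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(image).hexdigest()


def password_record(password: str) -> bytes:
    """Stored form of a password; the patent does not say how user info is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed trust lists mirroring users A, B and C from the description.
USER_TRUST_LIST = {
    "userA": {"cred": password_record("pw-A"), "may_transfer": False,
              "max_level": 0, "resources": ("portal",)},
    "userB": {"cred": password_record("pw-B"), "may_transfer": True,
              "max_level": 3, "resources": ("portal", "mail")},
    "userC": {"cred": password_record("pw-C"), "may_transfer": True,
              "max_level": 10, "resources": ("portal", "mail", "finance")},
}
BROWSER_TRUST_LIST = [browser_digest(TRUSTED_BROWSER)]
HARDWARE_KEY_LIST = {"userA": "HK-000A", "userB": "HK-000B", "userC": "HK-000C"}


@dataclass(frozen=True)
class AuthorizationResult:
    user: str
    accessible_resources: tuple   # accessible resource list
    may_transfer: bool            # user permission information (upload/download)
    max_level: int                # resource security access level information
    issued_at: float


def authorize(user: str, password: str, digest: str, hw_key_id: str,
              now: float) -> Optional[AuthorizationResult]:
    """S202: an authorization result is generated only if all three checks match."""
    record = USER_TRUST_LIST.get(user)
    # Unknown users are compared against a dummy record so that every request
    # does the same amount of work and no check is skipped.
    expected_cred = record["cred"] if record else password_record("")
    expected_key = HARDWARE_KEY_LIST.get(user, "")
    cred_ok = hmac.compare_digest(password_record(password), expected_cred)
    browser_ok = any([hmac.compare_digest(digest.encode(), d.encode())
                      for d in BROWSER_TRUST_LIST])
    key_ok = hmac.compare_digest(hw_key_id.encode(), expected_key.encode())
    key_ok = key_ok and bool(expected_key)
    if not (record and cred_ok and browser_ok and key_ok):
        return None   # no authorization result, hence no resource list
    return AuthorizationResult(user, record["resources"], record["may_transfer"],
                               record["max_level"], now)


def may_download(result: Optional[AuthorizationResult], resource_level: int,
                 now: float) -> bool:
    """Apply the permission flag, the level ceiling and the predetermined period."""
    if result is None or not result.may_transfer:
        return False
    if now - result.issued_at > VALID_PERIOD_S:
        return False   # access instruction arrived after the predetermined period
    return 1 <= resource_level <= result.max_level
```

A browser whose binary differs by a single byte produces a different digest and is rejected before any resource list is generated, which is the tamper check the description attributes to the browser trust list.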
S203, the resource security access means displays the accessible resource list, so that the user inputs an access instruction according to the accessible resource list.
After the user has passed identity verification, the resource security access means generates the user's authorization result, which comprises the accessible resource list and the resource usage policy, and displays it to the user, so that the user can input an access instruction through the resource list.
It should be added that the authorization result generated for the user by the resource security access means comprises the accessible resource list and the resource usage policy. The resource list is displayed to the user in the form of a resource bookmark page, and the resource bookmarks are constructed from a resource page template built into the resource security access means. The bookmarks include not only web page resources but also resources such as applications, desktops and virtual machines, so that the user can clearly and easily find the resources needed and then input an access instruction.
S204, the resource security access means obtains, according to the resource usage policy, the pre-stored resource or the resource of the server indicated by the access instruction.
The resource security access means receives the access instruction input by the user and obtains, according to the resource usage policy, the pre-stored resource or the resource of the server indicated by the access instruction.
It should be added that the pre-stored resource indicated by the access instruction and the resource of the server refer to different resource types: the resource security access means divides resources into resources that can be accessed offline and resources that require online access by the user. A pre-stored resource is a resource that the user can access offline, and a resource of the server is a resource that the user must access online. The resources that the user can access offline are already stored in the browser in advance, before the user uses the browser.
If the resource of the server indicated by the access instruction is obtained, that is, a resource that requires online access by the user, the server transmits the data through an encrypted tunnel based on a security protocol, and the resource is presented to the user in a centralized manner by calling a local interface according to the resource usage policy.
S205, the resource security access means stores the resource obtained from the server.
S206, the resource security access means encrypts the resource obtained from the server.
Below, with reference to steps S205 and S206, it is described how the resource security access means obtains resources from the server and how these resources are encrypted.
The pre-stored resource indicated by the access instruction and the resource of the server refer to different resource types: the resource security access means divides resources into resources that can be accessed offline and resources that require online access by the user. A pre-stored resource is a resource that the user can access offline, and a resource of the server is a resource that the user must access online.
When the user accesses offline, the offline resources have already been stored in the browser before the user uses the browser, and the resource security access means encrypts the offline resources to prevent the data from being viewed by unauthorized external software.
When the user accesses online, the server transmits the data through an encrypted tunnel based on a security protocol. After the cached data is encrypted, an encryption mark and a temporary key index are attached to the HTTP (Hypertext Transfer Protocol) response header. After the response message has been parsed by the resource security access means, a one-time session key is requested from the security gateway of the resource security access means according to the encryption mark and the temporary key index, and the encrypted document is shown to the user after being decrypted with the key.
It should be added that, besides the cache and the offline resources, the resources obtained from the server that the resource security access means stores also include the user's behavior policy, where the user's behavior policy refers to recording the user's access behavior, the files downloaded, the files opened, and so on.
S207, if the access instruction input by the user is received after a predetermined period, the resource security access means does not obtain the resource of the server indicated by the access instruction.
If the access instruction input by the user is received after the predetermined period, the user's access has timed out; the resource security access means then automatically terminates the user's access operation and does not obtain the resource of the server indicated by the access instruction.
S208, if a logout or exit instruction input by the user is received, the resource security access means deletes the stored resources obtained from the server and deletes the resources downloaded by the user.
If a logout or exit instruction input by the user is received, the resource security access means triggers the teardown of the tunnel, deletes the stored resources obtained from the server and deletes the resources downloaded by the user, which ensures the security of the data.
In the resource security access method provided by the embodiment of the present invention, the user's authentication information, the browser software summary and the hardware key identifier are obtained. If the authentication information matches the corresponding user information pre-stored in the user trust list, the browser software summary matches the corresponding browser software summary information pre-stored in the browser trust list, and the hardware key identifier matches the corresponding hardware key information pre-stored in the hardware key list, the user's authorization result is generated, where the authorization result comprises the accessible resource list and the resource usage policy. The accessible resource list is displayed so that the user inputs an access instruction according to it, and the pre-stored resource or the resource of the server indicated by the access instruction is obtained according to the resource usage policy. With this scheme, because the user's authentication information, the browser software summary and the hardware key identifier are all authenticated, only a user who passes authentication can access the server, so that the user accesses the resources of the server securely and the server resources are protected.
The embodiment of the present invention provides a resource security access means 1 corresponding to the above method embodiment; each functional unit of the resource security access means 1 can be used for the above method steps. As shown in Figure 3, it comprises:
A local service module 10, configured to obtain the user's authentication information and the browser software summary, and to display the accessible resource list so that the user inputs an access instruction according to the accessible resource list.
Further, the local service module 10 is also configured to obtain the hardware key identifier.
In modern enterprise working practice, service access based on browser web pages has gradually become the main form of enterprise office work; it improves the working efficiency of employees and makes full use of the convenience of the Internet. In the resource security access method proposed by the embodiment of the present invention, when the resource security access means 1 is started by the user, the local service module 10 first reads the built-in user authentication page. The user needs to input authentication information through this authentication page and then inserts a hardware key as required; if a hardware key is inserted, the resource security access means 1 automatically extracts the hardware key identifier. The hardware key of the embodiment of the present invention may be a small, fast and reliable storage device with cryptographic authentication functions that is connected directly to the computer through USB.
It should be noted that, depending on the policy, the authentication information may be the account name and password set by the user, or personal information such as the user's name, employee number and identity card number, or information such as a digital certificate or a dynamic password. A digital certificate is a series of data that identifies the identity of each communicating party in Internet communication and provides a way of verifying a user's identity on the Internet; its role is similar to that of a driver's license or an identity card in daily life. A dynamic password is a random combination of digits that changes according to a specific algorithm; its main forms of generation include SMS, hardware token and mobile phone token dynamic passwords.
When the resource security access means 1 is started by the user, the local service module 10 also reads the browser software summary of the browser that the user uses. The browser software summary is the identifier of the browser and may specifically be a character string; by means of this character string, the resource security access means 1 can determine whether it has been modified by unauthorized external operations, which would create a security risk.
After the user has passed identity verification, the resource security access means 1 generates the user's authorization result, which comprises the accessible resource list, and displays it to the user, so that the user can input an access instruction through the resource list.
Further, the authorization result generated for the user by the resource security access means 1 comprises the accessible resource list and the resource usage policy. The resource list is displayed to the user in the form of a resource bookmark page, and the resource bookmarks are constructed from a resource page template built into the resource security access means 1. The bookmarks include not only web page resources but also resources such as applications, desktops and virtual machines, so that the user can clearly and easily find the resources needed and then input an access instruction.
An authentication module 11, configured to generate the user's authorization result if the authentication information matches the corresponding user information pre-stored in the user trust list and the browser software summary matches the corresponding browser software summary information pre-stored in the browser trust list; the authorization result comprises the accessible resource list.
Further, the authentication module 11 is also configured to generate the user's authorization result if the hardware key identifier matches the corresponding hardware key information pre-stored in the hardware key list.
Further, the authorization result also comprises the resource usage policy.
After obtaining the user's authentication information, the browser software summary and the hardware key identifier, the resource security access means 1 verifies each of them. The resource security access means 1 sends the obtained authentication information, browser software summary and hardware key identifier to the authentication module 11 of the resource security access means 1 for authentication through a tunnel negotiated and established based on SSL, where SSL is a security protocol that provides security and data integrity for network communication and encrypts the network connection at the transport layer.
It should be noted that sending the obtained authentication information, browser software summary and hardware key identifier to the authentication module 11 of the resource security access means 1 for authentication is not limited to a tunnel established based on the SSL protocol; the tunnel may also be established based on security protocols such as TLS.
The resource security access means 1 sends the obtained authentication information, browser software summary and hardware key identifier to the authentication module 11 of the resource security access means 1 for authentication through the tunnel negotiated and established based on SSL. If the authentication information matches the corresponding user information pre-stored in the user trust list, the browser software summary matches the corresponding browser software summary information pre-stored in the browser trust list, and the hardware key identifier matches the corresponding hardware key information pre-stored in the hardware key list, the user has passed authentication and can continue to browse resources.
After the user has passed identity verification, the resource security access means 1 generates the user's authorization result, which comprises the accessible resource list and the resource usage policy, so that the user can access resources through the resource list.
It should be added that, after the user has passed identity verification, the authorization result generated by the resource security access means 1 comprises, in addition to the accessible resource list and the resource usage policy through which the user can access resources, user permission information and resource security access level information. The user permission information indicates whether the user is allowed to upload or download resources, and the resource security access level information indicates the level of resources that the user is allowed to download.
For example, the resource security access means 1 divides the security levels of all files into 10 levels according to policy. User A is an employee of a certain company who is still in the internship period, and the user permission information indicates that this user is not allowed to upload or download resources. User B is an ordinary employee of a certain company; the user permission information indicates that this user is allowed to upload and download resources, and the resource security access level information is level 3, that is, the level of resources the user is allowed to download is 3, which means that this user can download resources of levels 1, 2 and 3. User C is a manager of a certain company; the user permission information indicates that this user is allowed to upload and download resources, and the resource security access level information is level 10, that is, the level of resources the user is allowed to download is 10, which means that this user can download all resources.
A secure communication module 12, configured to obtain, according to the resource usage policy, the pre-stored resource or the resource of the server indicated by the access instruction.
Further, the secure communication module 12 is specifically configured to obtain, according to the resource usage policy, the pre-stored resource or the resource of the server indicated by the access instruction.
The resource security access means 1 receives the access instruction input by the user and obtains, according to the resource usage policy, the pre-stored resource or the resource of the server indicated by the access instruction.
It should be added that the pre-stored resource indicated by the access instruction and the resource of the server refer to different resource types: the resource security access means 1 divides resources into resources that can be accessed offline and resources that require online access by the user. A pre-stored resource is a resource that the user can access offline, and a resource of the server is a resource that the user must access online. The resources that the user can access offline are already stored in the browser in advance, before the user uses the browser.
If the resource of the server indicated by the access instruction is obtained, that is, a resource that requires online access by the user, the server transmits the data through an encrypted tunnel based on a security protocol, and the resource is presented to the user in a centralized manner by calling a local interface according to the resource usage policy.
Further, the secure communication module 12 is also configured not to obtain the resource of the server indicated by the access instruction if the access instruction input by the user is received after a predetermined period.
If the access instruction input by the user is received after the predetermined period, the user's access has timed out; the resource security access means 1 then automatically terminates the user's access operation and does not obtain the resource of the server indicated by the access instruction.
Further, as shown in Figure 4, the resource security access means 1 also comprises:
A memory module 13, configured to store the resource obtained from the server.
Further, as shown in Figure 5, the resource security access means 1 also comprises:
An encrypting module 14, configured to encrypt the resource obtained from the server.
The pre-stored resource indicated by the access instruction and the resource of the server refer to different resource types: the resource security access means 1 divides resources into resources that can be accessed offline and resources that require online access by the user. A pre-stored resource is a resource that the user can access offline, and a resource of the server is a resource that the user must access online.
When the user accesses offline, the offline resources have already been stored in the browser before the user uses the browser, and the resource security access means 1 encrypts the offline resources to prevent the data from being viewed by unauthorized external software.
When the user accesses online, the server transmits the data through an encrypted tunnel based on a security protocol. After the cached data is encrypted, an encryption mark and a temporary key index are attached to the HTTP response header. After the response message has been parsed by the resource security access means 1, a one-time session key is requested from the security gateway of the resource security access means 1 according to the encryption mark and the temporary key index, and the encrypted document is shown to the user after being decrypted with the key.
It should be added that, besides the cache and the offline resources, the resources obtained from the server that the resource security access means 1 stores also include the user's behavior policy, where the user's behavior policy refers to recording the user's access behavior, the files downloaded, the files opened, and so on.
Further, the memory module 13 is also configured to delete the stored resources obtained from the server and delete the resources downloaded by the user if a logout or exit instruction input by the user is received.
If a logout or exit instruction input by the user is received, the resource security access means 1 triggers the teardown of the tunnel, deletes the stored resources obtained from the server and deletes the resources downloaded by the user, which ensures the security of the data.
In the resource security access means 1 provided by the embodiment of the present invention, the user's authentication information and the browser software summary are obtained. If the authentication information matches the corresponding user information pre-stored in the user trust list and the browser software summary matches the corresponding browser software summary information pre-stored in the browser trust list, the user's authorization result is generated, where the authorization result comprises the accessible resource list. The accessible resource list is displayed so that the user inputs an access instruction according to it, and the pre-stored resource or the resource of the server indicated by the access instruction is obtained. With this scheme, because the user's authentication information, the browser software summary and the hardware key identifier are all authenticated, only a user who passes authentication can access the server, so that the user accesses the resources of the server securely and the server resources are protected.
The embodiment of the present invention provides a resource security accessor 2 corresponding to the above method embodiment; each functional unit of the resource security accessor 2 can be used for the above method steps. As shown in Figure 6, it comprises:
A secure browser 20, configured to obtain the user's authentication information and the browser software summary, to display the accessible resource list so that the user inputs an access instruction according to the accessible resource list, and to obtain the pre-stored resource or the resource of the server indicated by the access instruction.
Further, the secure browser is also configured to obtain the hardware key identifier.
In modern enterprise working practice, service access based on browser web pages has gradually become the main form of enterprise office work; it improves the working efficiency of employees and makes full use of the convenience of the Internet. In the resource security access method proposed by the embodiment of the present invention, when the resource security accessor 2 is started by the user, the user authentication page built into the resource security accessor 2 is read first. The user needs to input authentication information and then inserts a hardware key, and the resource security accessor 2 automatically extracts the hardware key identifier. The hardware key is a small, fast and reliable storage device with cryptographic authentication functions that is connected directly to the computer through USB.
It should be noted that, depending on the policy, the authentication information may be the account name and password set by the user, or personal information such as the user's name, employee number and identity card number, or information such as a digital certificate or a dynamic password. A digital certificate is a series of data that identifies the identity of each communicating party in Internet communication and provides a way of verifying a user's identity on the Internet; its role is similar to that of a driver's license or an identity card in daily life. A dynamic password is a random combination of digits that changes according to a specific algorithm; its main forms of generation include SMS, hardware token and mobile phone token dynamic passwords.
When the resource security accessor 2 is started by the user, the resource security accessor 2 also reads the browser software summary that it carries. The browser software summary can be regarded as a character string peculiar to the browser itself; by means of this character string, it can be determined whether the resource security accessor 2 has been modified by unauthorized external operations, which would create a security risk.
After the user has passed identity verification, the resource security accessor 2 generates the user's authorization result, which comprises the accessible resource list and the resource usage policy, and displays it to the user, so that the user can input an access instruction through the resource list.
It should be added that the authorization result generated for the user by the resource security accessor 2 comprises the accessible resource list and the resource usage policy. The resource list is displayed to the user in the form of a resource bookmark page, and the resource bookmarks are constructed from a resource page template built into the resource security accessor 2. The bookmarks include not only web page resources but also resources such as applications, desktops and virtual machines, so that the user can clearly and easily find the resources needed and then input an access instruction.
The resource security accessor 2 receives the access instruction input by the user and obtains, according to the resource usage policy, the pre-stored resource or the resource of the server indicated by the access instruction.
It should be added that the pre-stored resource indicated by the access instruction and the resource of the server refer to different resource types: the resource security accessor 2 divides resources into resources that can be accessed offline and resources that require online access by the user. A pre-stored resource is a resource that the user can access offline, and a resource of the server is a resource that the user must access online. The resources that the user can access offline are already stored in the browser in advance, before the user uses the browser.
If the resource of the server indicated by the access instruction is obtained, that is, a resource that requires online access by the user, the server transmits the data through an encrypted tunnel based on a security protocol, and the resource is presented to the user in a centralized manner by calling a local interface according to the resource usage policy.
A security gateway 21, configured to generate the user's authorization result if the authentication information matches the corresponding user information pre-stored in the user trust list and the browser software summary matches the corresponding browser software summary information pre-stored in the browser trust list; the authorization result comprises the accessible resource list.
Further, the security gateway is also configured to generate the user's authorization result if the hardware key identifier matches the corresponding hardware key information pre-stored in the hardware key list.
Further, the authorization result also comprises the resource usage policy;
wherein the secure browser is specifically configured to obtain, according to the resource usage policy, the pre-stored resource or the resource of the server indicated by the access instruction.
After obtaining the user's authentication information, the browser software summary and the hardware key identifier, the resource security accessor 2 verifies each of them. The resource security accessor 2 sends the obtained authentication information, browser software summary and hardware key identifier to the authentication module of the resource security accessor 2 for authentication through a tunnel negotiated and established based on SSL, where SSL is a security protocol that provides security and data integrity for network communication and encrypts the network connection at the transport layer.
It should be noted that sending the obtained authentication information, browser software summary and hardware key identifier to the authentication module of the resource security accessor 2 for authentication is not limited to a tunnel established based on the SSL protocol; the tunnel may also be established based on security protocols such as TLS.
The resource security accessor 2 sends the obtained authentication information, browser software summary and hardware key identifier to the authentication module of the resource security accessor 2 for authentication through the tunnel negotiated and established based on SSL. If the authentication information matches the corresponding user information pre-stored in the user trust list, the browser software summary matches the corresponding browser software summary information pre-stored in the browser trust list, and the hardware key identifier matches the corresponding hardware key information pre-stored in the hardware key list, the user has passed authentication and can continue to browse resources.
After the user has passed identity verification, the resource security accessor 2 generates the user's authorization result, which comprises the accessible resource list and the resource usage policy, so that the user can access resources through the resource list.
It should be added that, after the user has passed identity verification, the authorization result generated by the resource security accessor 2 comprises, in addition to the accessible resource list and the resource usage policy through which the user can access resources, user permission information and resource security access level information. The user permission information indicates whether the user is allowed to upload or download resources, and the resource security access level information indicates the level of resources that the user is allowed to download.
For example, the resource security accessor 2 divides the security levels of all files into 10 levels according to policy. User A is an employee of a certain company who is still in the internship period, and the user permission information indicates that this user is not allowed to upload or download resources. User B is an ordinary employee of a certain company; the user permission information indicates that this user is allowed to upload and download resources, and the resource security access level information is level 3, that is, the level of resources the user is allowed to download is 3, which means that this user can download resources of levels 1, 2 and 3. User C is a manager of a certain company; the user permission information indicates that this user is allowed to upload and download resources, and the resource security access level information is level 10, that is, the level of resources the user is allowed to download is 10, which means that this user can download all resources.
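The three-way match and the graded authorization result described above (and in the same terms for the method and for means 1) can be sketched as follows. This is an added example, not code from the patent: the trust-list contents, the SHA-256 form of the browser software summary, the PBKDF2 password check, the usage-policy fields and level 0 for user A are all assumptions.

```python
# Added illustration; data and names are constructed, not taken from the patent.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    salt: bytes
    pw_hash: bytes
    may_transfer: bool   # user permission information: upload/download allowed?
    max_level: int       # resource security access level information

@dataclass(frozen=True)
class Resource:
    name: str
    kind: str            # web page, application, desktop, virtual machine
    level: int           # security level of the file, 1 to 10

@dataclass(frozen=True)
class AuthorizationResult:
    resource_list: tuple
    usage_policy: dict
    may_transfer: bool
    max_level: int

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _enroll(password: str, may_transfer: bool, max_level: int) -> User:
    salt = os.urandom(16)
    return User(salt, _hash_password(password, salt), may_transfer, max_level)

# Constructed trust lists held by the authenticating side.
USER_TRUST_LIST = {
    "userA": _enroll("a-secret", False, 0),   # intern; level not stated, 0 assumed
    "userB": _enroll("b-secret", True, 3),    # ordinary employee: levels 1 to 3
    "userC": _enroll("c-secret", True, 10),   # manager: all levels
}
TRUSTED_BROWSER_IMAGE = b"constructed secure-browser build 1.0"
# Assumption: the browser software summary is the SHA-256 of the browser image.
BROWSER_TRUST_LIST = {hashlib.sha256(TRUSTED_BROWSER_IMAGE).hexdigest()}
HARDWARE_KEY_LIST = {"HK-0001", "HK-0002"}
CATALOG = (
    Resource("wiki", "web page", 1),
    Resource("crm", "application", 3),
    Resource("finance-vm", "virtual machine", 8),
)
USAGE_POLICY = {"cache": "encrypted", "wipe_on_logout": True}
_DUMMY = _enroll("unused", False, 0)  # keeps work similar for unknown users

def authorize(username: str, password: str, browser_image: bytes,
              hardware_key_id: str) -> Optional[AuthorizationResult]:
    """Return an authorization result only if all three factors match."""
    user = USER_TRUST_LIST.get(username)
    ref = user or _DUMMY
    password_ok = hmac.compare_digest(
        _hash_password(password, ref.salt), ref.pw_hash) and user is not None
    summary = hashlib.sha256(browser_image).hexdigest()
    browser_ok = summary in BROWSER_TRUST_LIST
    key_ok = hardware_key_id in HARDWARE_KEY_LIST
    # One combined decision: the caller never learns which factor failed.
    if not (password_ok and browser_ok and key_ok):
        return None
    return AuthorizationResult(CATALOG, USAGE_POLICY,
                               user.may_transfer, user.max_level)

def may_download(result: AuthorizationResult, resource: Resource) -> bool:
    """Download needs the transfer permission and a level within the grant."""
    return result.may_transfer and resource.level <= result.max_level

def downloadable(result: AuthorizationResult) -> list:
    """Names of the listed resources this user may download."""
    return [r.name for r in result.resource_list if may_download(result, r)]
```

A modified browser image changes the computed summary, so the request is refused even when the password and hardware key are correct.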
Further, the security gateway 21 is also configured not to obtain the resource of the server indicated by the access instruction if the access instruction input by the user is received after a predetermined period.
If the access instruction input by the user is received after the predetermined period, the user's access has timed out; the resource security accessor 2 then automatically terminates the user's access operation and does not obtain the resource of the server indicated by the access instruction.
Further, the secure browser 20 is also configured to store the resource obtained from the server.
Further, the security gateway 21 is also configured to encrypt the resource obtained from the server.
The pre-stored resource indicated by the access instruction and the resource of the server refer to different resource types: the resource security accessor 2 divides resources into resources that can be accessed offline and resources that require online access by the user. A pre-stored resource is a resource that the user can access offline, and a resource of the server is a resource that the user must access online.
When the user accesses offline, the offline resources have already been stored in the browser before the user uses the browser, and the resource security accessor 2 encrypts the offline resources to prevent the data from being viewed by unauthorized external software.
When the user accesses online, the server transmits the data through an encrypted tunnel based on a security protocol. After the cached data is encrypted, an encryption mark and a temporary key index are attached to the HTTP response header. After the response message has been parsed by the resource security accessor 2, a one-time session key is requested from the security gateway 21 of the resource security accessor 2 according to the encryption mark and the temporary key index, and the encrypted document is shown to the user after being decrypted with the key.
It should be added that, besides the cache and the offline resources, the resources obtained from the server that the resource security accessor 2 stores also include the user's behavior policy, where the user's behavior policy refers to recording the user's access behavior, the files downloaded, the files opened, and so on.
Further, the resource security accessor 2 is also configured to delete the stored resources obtained from the server and delete the resources downloaded by the user if a logout or exit instruction input by the user is received.
If a logout or exit instruction input by the user is received, the resource security accessor 2 triggers the teardown of the tunnel, deletes the stored resources obtained from the server and deletes the resources downloaded by the user, which ensures the security of the data.
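The online-access exchange, the timeout and the logout wipe described above can be modelled end to end as follows. This is an added example, not the patent's implementation: the header names, the 300-second period, the reading of "one-time" as "released once per key index", and the standard-library stand-in cipher are assumptions.

```python
# Added illustration; header names, cipher and timeout value are assumptions.
import hashlib
import hmac
import secrets
import time

IDLE_LIMIT = 300.0  # assumed value for the "predetermined period", in seconds

def _stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the example runs on the
    # standard library alone; a deployment would use an AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key: bytes, data: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + _stream(enc, nonce, data)
    return body + hmac.new(mac, body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
        raise ValueError("cached resource failed its integrity check")
    return _stream(enc, body[:16], body[16:])

class SecurityGateway:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._last_seen = {}   # session id -> time of last access instruction
        self._keys = {}        # temporary key index -> (session id, key)

    def open_session(self) -> str:
        sid = secrets.token_hex(8)
        self._last_seen[sid] = self._clock()
        return sid

    def _touch(self, sid: str) -> None:
        last = self._last_seen.get(sid)
        if last is None or self._clock() - last > IDLE_LIMIT:
            self.logout(sid)   # a timed-out session also loses its keys
            raise TimeoutError("session unknown or past the predetermined period")
        self._last_seen[sid] = self._clock()

    def respond(self, sid: str, resource: bytes):
        """Encrypt a server resource and mark the response headers."""
        self._touch(sid)
        key, index = secrets.token_bytes(32), secrets.token_hex(8)
        self._keys[index] = (sid, key)
        headers = {"X-Resource-Encrypted": "1", "X-Temp-Key-Index": index}
        return headers, seal(key, resource)

    def release_key(self, sid: str, index: str) -> bytes:
        """Hand out the session key once, and only to the owning session."""
        self._touch(sid)
        owner, key = self._keys.get(index, (None, None))
        if owner != sid:
            raise PermissionError("unknown or already used key index")
        del self._keys[index]
        return key

    def logout(self, sid: str) -> None:
        self._last_seen.pop(sid, None)
        self._keys = {i: v for i, v in self._keys.items() if v[0] != sid}

class SecureBrowser:
    def __init__(self, gateway: SecurityGateway, sid: str):
        self.gateway, self.sid = gateway, sid
        self.cache = {}  # name -> (headers, ciphertext); never plaintext

    def fetch(self, name: str, server_resource: bytes) -> bytes:
        self.cache[name] = self.gateway.respond(self.sid, server_resource)
        return self.show(name)

    def show(self, name: str) -> bytes:
        headers, blob = self.cache[name]
        if headers.get("X-Resource-Encrypted") != "1":
            return blob
        key = self.gateway.release_key(self.sid, headers["X-Temp-Key-Index"])
        return unseal(key, blob)

    def logout(self) -> None:
        self.cache.clear()             # delete stored server resources
        self.gateway.logout(self.sid)  # gateway drops the session and its keys
```

Under this one-time reading, a cached copy cannot be decrypted a second time without a fresh response from the gateway, and a copy left on disk after logout is unreadable because its key index no longer resolves.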
The resource security access device provided by the embodiments of the present invention obtains the user's authentication information and the browser software digest. If the authentication information matches the corresponding user information pre-stored in the user trust list, and the browser software digest matches the corresponding browser software digest information pre-stored in the browser trust list, the device generates an authorization result for the user, where the authorization result includes an accessible resource list. The device displays the accessible resource list so that the user inputs an access instruction according to the accessible resource list, and it obtains the pre-stored resource or the server resource indicated by the access instruction. With this scheme, because the user's authentication information, the browser software digest and the hardware key identifier are all authenticated, only a user who passes authentication can access the server, so that the user accesses the resources of the server securely and the server resources are protected.
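The authorization decision summarized above, written out as an added example that is not part of the patent text: a gateway-side check of the three identifiers against their trust lists, followed by enforcement of the resulting authorization result. SHA-256 as the digest function, the trust-list contents, the function names, the numeric resource levels and the 900-second period are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data (assumptions for illustration, not values from the patent).
USER_TRUST_LIST = {"alice": digest(b"alice-credential")}    # user -> credential digest
BROWSER_TRUST_LIST = {digest(b"secure-browser-build-1.0")}  # trusted browser digests
HARDWARE_KEY_LIST = {"alice": "HWKEY-0001"}                 # user -> hardware key id
POLICY = {"alice": {"resources": {"/docs/handbook": 1, "/docs/design": 3},
                    "may_download": True, "max_level": 2}}

@dataclass
class AuthorizationResult:
    user: str
    resources: dict      # accessible resource list: path -> security level
    may_download: bool   # user rights information
    max_level: int       # highest resource level the user may download
    expires_at: float    # end of the predetermined period

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time comparison

def authorize(user, credential, browser_digest, hw_key_id, now, period=900):
    """Gateway side: issue a result only if all three identifiers match."""
    user_ok = user in USER_TRUST_LIST and _same(USER_TRUST_LIST[user], digest(credential))
    browser_ok = any(_same(browser_digest, d) for d in BROWSER_TRUST_LIST)
    hw_ok = user in HARDWARE_KEY_LIST and _same(HARDWARE_KEY_LIST[user], hw_key_id)
    if not (user_ok and browser_ok and hw_ok):
        return None  # fail closed: no partial authorization
    p = POLICY[user]
    return AuthorizationResult(user, dict(p["resources"]), p["may_download"],
                               p["max_level"], now + period)

def handle_access(result, path, now, download=False):
    """Enforce the authorization result for one access instruction to the server."""
    if result is None:
        return "deny:unauthorized"
    if now > result.expires_at:
        return "deny:expired"
    if path not in result.resources:
        return "deny:not-listed"
    if download and not (result.may_download
                         and result.resources[path] <= result.max_level):
        return "deny:download-not-permitted"
    return "allow"

if __name__ == "__main__":
    trusted = digest(b"secure-browser-build-1.0")
    good = authorize("alice", b"alice-credential", trusted, "HWKEY-0001", now=0)
    print(handle_access(good, "/docs/handbook", now=10, download=True))
    print(handle_access(good, "/docs/design", now=10, download=True))
    print(authorize("alice", b"alice-credential", digest(b"other-build"), "HWKEY-0001", now=0))
```

The browser digest checked here is whatever value the client reports, so the check is only as strong as the integrity of the component that measures the browser.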
It should be noted that, in the embodiments of the present invention, because the user's authentication information, the browser software digest and the hardware key identifier are all authenticated, only a user who passes authentication can access the server, so that the user accesses the resources of the server securely and the server resources are protected. Besides being applied on a PC (Personal Computer), the resource security accessor can also be installed in other user equipment, for example a tablet computer, where it likewise allows the user to access the resources of the server securely and protects the server resources.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be implemented by hardware related to program instructions. The program may be stored in a computer-readable storage medium, and when executed it performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (15)

1. A resource security access method, characterized by comprising:
obtaining a user's authentication information and a browser software digest;
if the authentication information matches the corresponding user information pre-stored in a user trust list, and the browser software digest matches the corresponding browser software digest information pre-stored in a browser trust list, generating an authorization result for the user, the authorization result comprising an accessible resource list;
displaying the accessible resource list, so that the user inputs an access instruction according to the accessible resource list;
obtaining the pre-stored resource or the server resource indicated by the access instruction.
2. The resource security access method according to claim 1, characterized by further comprising:
obtaining a hardware key identifier;
if the hardware key identifier matches the corresponding hardware key information pre-stored in a hardware key list, generating the authorization result for the user.
3. The resource security access method according to claim 1 or 2, characterized in that the authorization result further comprises a resource usage policy;
wherein obtaining the pre-stored resource or the server resource indicated by the access instruction comprises:
obtaining the pre-stored resource or the server resource indicated by the access instruction according to the resource usage policy.
4. The resource security access method according to any one of claims 1-3, characterized in that, if the access instruction input by the user is received after a predetermined period, the server resource indicated by the access instruction is not obtained.
5. The resource security access method according to any one of claims 1-4, characterized in that the authorization result further comprises user rights information, and the user rights information indicates whether the user is allowed to upload or download resources.
6. The resource security access method according to any one of claims 1-5, characterized in that the authorization result further comprises resource security access level information, and the resource security access level information indicates the level of the resources that the user is allowed to download.
7. A resource security access device, characterized by comprising:
a local service module, configured to obtain a user's authentication information and a browser software digest, and to display the accessible resource list, so that the user inputs an access instruction according to the accessible resource list;
an authentication module, configured to generate an authorization result for the user if the authentication information matches the corresponding user information pre-stored in a user trust list and the browser software digest matches the corresponding browser software digest information pre-stored in a browser trust list, the authorization result comprising an accessible resource list;
a secure communication module, configured to obtain the pre-stored resource or the server resource indicated by the access instruction.
8. The resource security access device according to claim 7, characterized in that:
the local service module is further configured to obtain a hardware key identifier;
the authentication module is further configured to generate the authorization result for the user if the hardware key identifier matches the corresponding hardware key information pre-stored in a hardware key list.
9. The resource security access device according to claim 7 or 8, characterized in that the authorization result further comprises a resource usage policy;
wherein the secure communication module is specifically configured to obtain the pre-stored resource or the server resource indicated by the access instruction according to the resource usage policy.
10. The resource security access device according to any one of claims 7-9, characterized in that:
the secure communication module is further configured not to obtain the server resource indicated by the access instruction if the access instruction input by the user is received after a predetermined period.
11. The resource security access device according to any one of claims 7-10, characterized in that the authorization result further comprises user rights information, and the user rights information indicates whether the user is allowed to upload or download resources.
12. The resource security access device according to any one of claims 7-11, characterized in that the authorization result further comprises resource security access level information, and the resource security access level information indicates the level of the resources that the user is allowed to download.
13. A resource security accessor, characterized by comprising:
a secure browser, configured to obtain a user's authentication information and a browser software digest, to display the accessible resource list so that the user inputs an access instruction according to the accessible resource list, and to obtain the pre-stored resource or the server resource indicated by the access instruction;
a security gateway, configured to generate an authorization result for the user if the authentication information matches the corresponding user information pre-stored in a user trust list and the browser software digest matches the corresponding browser software digest information pre-stored in a browser trust list, the authorization result comprising an accessible resource list.
14. The resource security accessor according to claim 13, characterized in that:
the secure browser is further configured to obtain a hardware key identifier;
the security gateway is further configured to generate the authorization result for the user if the hardware key identifier matches the corresponding hardware key information pre-stored in a hardware key list.
15. The resource security accessor according to claim 13 or 14, characterized in that the authorization result further comprises a resource usage policy;
wherein the secure browser is specifically configured to obtain the pre-stored resource or the server resource indicated by the access instruction according to the resource usage policy.
CN2012800017887A 2012-10-16 2012-10-16 Resource safety access method and device Pending CN103109510A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/083035 WO2014059604A1 (en) 2012-10-16 2012-10-16 Method and device for secure access to resource

Publications (1)

Publication Number Publication Date
CN103109510A true CN103109510A (en) 2013-05-15

Family

ID=48316010

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012800017887A Pending CN103109510A (en) 2012-10-16 2012-10-16 Resource safety access method and device

Country Status (2)

Country Link
CN (1) CN103109510A (en)
WO (1) WO2014059604A1 (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103475666A (en) * 2013-09-23 2013-12-25 中国科学院声学研究所 Internet of things resource digital signature authentication method
CN103905208A (en) * 2014-04-24 2014-07-02 快车科技有限公司 Interactive method using asymmetric security mechanisms
CN104426938A (en) * 2013-08-27 2015-03-18 宇宙互联有限公司 Storage management system and method
CN104424407A (en) * 2013-08-27 2015-03-18 宇宙互联有限公司 Storage management system and method
CN105208042A (en) * 2015-10-15 2015-12-30 黄云鸿 Resource safety access method and system
CN105224834A (en) * 2015-08-21 2016-01-06 镇江乐游网络科技有限公司 The system and method for access control based roles in mobile network
CN106576329A (en) * 2014-09-26 2017-04-19 英特尔公司 Context-based resource access mediation
CN107222485A (en) * 2017-06-14 2017-09-29 腾讯科技(深圳)有限公司 A kind of authorization method and relevant device
WO2018157362A1 (en) * 2017-03-02 2018-09-07 廖建强 Access control method and terminal
CN109033758A (en) * 2018-08-01 2018-12-18 北京景行锐创软件有限公司 A kind of license resources access method and system
CN110197075A (en) * 2018-04-11 2019-09-03 腾讯科技(深圳)有限公司 Resource access method, calculates equipment and storage medium at device
WO2020025005A1 (en) * 2018-08-03 2020-02-06 奇酷互联网络科技(深圳)有限公司 Mobile terminal, and entering method and device of privacy system
CN111064731A (en) * 2019-12-23 2020-04-24 北京神州绿盟信息安全科技股份有限公司 Identification method and identification device for access authority of browser request and terminal
CN111079170A (en) * 2019-11-04 2020-04-28 湖南源科创新科技有限公司 Control method and control device of solid state disk
CN112632525A (en) * 2020-12-30 2021-04-09 南京中孚信息技术有限公司 Method and device for limiting user to access electronic document
CN112887983A (en) * 2021-01-27 2021-06-01 上海银基信息安全技术股份有限公司 Equipment identity authentication method, device, equipment and medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107231336A (en) * 2016-03-25 2017-10-03 中兴通讯股份有限公司 A kind of access control method, device and the gateway device of LAN Intranet resource
CN114006739A (en) * 2021-10-25 2022-02-01 恒安嘉新(北京)科技股份公司 Resource request processing method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1617620A1 (en) * 2004-06-22 2006-01-18 Avaya Technology Corp. Method and apparatus for user authentication and authorization
US20080189759A1 (en) * 2007-02-04 2008-08-07 Bank Of America Corporation Mobile banking
CN101340436A (en) * 2008-08-14 2009-01-07 普天信息技术研究院有限公司 Method and apparatus implementing remote access control based on portable memory apparatus
CN101741764A (en) * 2009-12-25 2010-06-16 金蝶软件(中国)有限公司 Method and system for document transmission in enterprise wide area network (WAN)
CN101764742A (en) * 2009-12-30 2010-06-30 福建星网锐捷网络有限公司 Network resource visit control system and method
CN101771677A (en) * 2008-12-31 2010-07-07 华为技术有限公司 Method for providing resource for access user, server and system thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102722585B (en) * 2012-06-08 2015-01-14 亿赞普(北京)科技有限公司 Browser type identification method, device and system

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104426938A (en) * 2013-08-27 2015-03-18 宇宙互联有限公司 Storage management system and method
CN104424407A (en) * 2013-08-27 2015-03-18 宇宙互联有限公司 Storage management system and method
CN103475666B (en) * 2013-09-23 2017-01-04 中国科学院声学研究所 A kind of digital signature authentication method of Internet of Things resource
CN103475666A (en) * 2013-09-23 2013-12-25 中国科学院声学研究所 Internet of things resource digital signature authentication method
CN103905208A (en) * 2014-04-24 2014-07-02 快车科技有限公司 Interactive method using asymmetric security mechanisms
WO2015161563A1 (en) * 2014-04-24 2015-10-29 快车科技有限公司 Interaction method using asymmetric security mechanisms
US10560462B2 (en) 2014-09-26 2020-02-11 Intel Corporation Context-based resource access mediation
CN106576329A (en) * 2014-09-26 2017-04-19 英特尔公司 Context-based resource access mediation
CN106576329B (en) * 2014-09-26 2021-03-30 英特尔公司 Context-based resource access mediation
CN105224834A (en) * 2015-08-21 2016-01-06 镇江乐游网络科技有限公司 The system and method for access control based roles in mobile network
CN105208042A (en) * 2015-10-15 2015-12-30 黄云鸿 Resource safety access method and system
WO2018157362A1 (en) * 2017-03-02 2018-09-07 廖建强 Access control method and terminal
CN107222485B (en) * 2017-06-14 2020-08-21 腾讯科技(深圳)有限公司 Authorization method and related equipment
CN107222485A (en) * 2017-06-14 2017-09-29 腾讯科技(深圳)有限公司 A kind of authorization method and relevant device
CN110197075A (en) * 2018-04-11 2019-09-03 腾讯科技(深圳)有限公司 Resource access method, calculates equipment and storage medium at device
CN109033758B (en) * 2018-08-01 2020-04-21 北京景行锐创软件有限公司 License resource access method and system
CN109033758A (en) * 2018-08-01 2018-12-18 北京景行锐创软件有限公司 A kind of license resources access method and system
WO2020025005A1 (en) * 2018-08-03 2020-02-06 奇酷互联网络科技(深圳)有限公司 Mobile terminal, and entering method and device of privacy system
CN111079170A (en) * 2019-11-04 2020-04-28 湖南源科创新科技有限公司 Control method and control device of solid state disk
CN111079170B (en) * 2019-11-04 2021-11-23 湖南源科创新科技有限公司 Control method and control device of solid state disk
CN111064731A (en) * 2019-12-23 2020-04-24 北京神州绿盟信息安全科技股份有限公司 Identification method and identification device for access authority of browser request and terminal
CN111064731B (en) * 2019-12-23 2022-02-15 绿盟科技集团股份有限公司 Identification method and identification device for access authority of browser request and terminal
CN112632525A (en) * 2020-12-30 2021-04-09 南京中孚信息技术有限公司 Method and device for limiting user to access electronic document
CN112887983A (en) * 2021-01-27 2021-06-01 上海银基信息安全技术股份有限公司 Equipment identity authentication method, device, equipment and medium
CN112887983B (en) * 2021-01-27 2023-11-24 上海银基信息安全技术股份有限公司 Equipment identity authentication method, device, equipment and medium

Also Published As

Publication number Publication date
WO2014059604A1 (en) 2014-04-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130515