CN103188255A - Application proxy and security module separated network security protection method - Google Patents
Application proxy and security module separated network security protection method Download PDFInfo
- Publication number
- CN103188255A CN103188255A CN2011104615853A CN201110461585A CN103188255A CN 103188255 A CN103188255 A CN 103188255A CN 2011104615853 A CN2011104615853 A CN 2011104615853A CN 201110461585 A CN201110461585 A CN 201110461585A CN 103188255 A CN103188255 A CN 103188255A
- Authority
- CN
- China
- Prior art keywords
- security
- module
- proxy
- application
- security module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention provides an application proxy and security module separated network security protection method for simultaneously protecting information security among a plurality of applications. The application proxy and security module separated network security protection method comprises the following steps that: (1) because a client side firstly passes through a proxy module when having access to background services, data sent by the client side is decomposed by the proxy module, and effective information in the data is analyzed and delivered into a security module; (2) the information is returned to the proxy module after whether the delivered information is secure is judged by the security module; and (3) whether the information is agented to a server is determined by the proxy module according to a return value of the security module. The network security protection method provided by the invention has the advantages that the application security problem of a plurality of different applications can be solved simultaneously; and a security and application separation mode is adopted, so that the application security and the system security are protected.
Description
Technical field
The present invention relates to a kind of network safety protective method, the network safety protective method that especially a kind of application proxy separates with security module.
Background technology
The security mechanism of existing application level is mainly divided two kinds: 1, oneself developing in the application system has security mechanism: using in this is the part of security mechanism as application, is compiled in the application program the inside.2, use the API of the security module interface of third party's exploitation.As can be seen, these two kinds of method for security protection all are when the client-access server in Fig. 1, if the application safety module is arranged, server returns to the server process request after can passing to the application safety module to data earlier; If not then directly give server process.
This process is easy to find out that client directly links to each other with server.Application safety and application are an integral body.Add if desired and use, need develop different programs to different application, also must make amendment to application simultaneously.And the security module of both methods all is tied to closely with using, if leak has appearred in security module, so whole applying portion must be revised, and all can bring very big trouble for total system.Disobey and return operation directly to be applied on the application server, protection is attacked other firewall box must be installed again if desired.Simultaneously, the security module of many application and application module make whole system maintenance very complicated in a cover program.
Summary of the invention
The invention provides the network safety protective method that a kind of application proxy of protecting the information security between a plurality of application simultaneously separates with security module.
The network safety protective method that the application proxy of realization the object of the invention separates with security module comprises the steps:
When (1) the client-access backstage was served, earlier through proxy module, proxy module decomposed the data that client sends, and analyzed wherein effective information, imported security module into;
(2) after security module judges whether safety according to the information of importing into, return proxy module;
(3) again by proxy module according to the security module return value, determine whether to act on behalf of server.
The beneficial effect of the network safety protective method that a kind of application proxy of the present invention separates with security module is as follows:
1, network safety protective method of the present invention can solve simultaneously the application safety problem of a plurality of different application.
2, safety and application clastotype, protection application safety and system safety.
Description of drawings
Fig. 1 is the schematic diagram of existing network safety protective method.
The schematic diagram of the network safety protective method that Fig. 2 separates with security module for application proxy of the present invention.
Embodiment
As shown in Figure 2, the network safety protective method that application proxy of the present invention separates with security module comprises the steps:
When (1) the client-access backstage was served, earlier through proxy module, proxy module decomposed the data that client sends, and analyzed wherein effective information, imported security module into;
(2) after security module judges whether safety according to the information of importing into, return proxy module;
(3) again by proxy module according to the security module return value, determine whether to act on behalf of server.
The advantage of the network safety protective method that application proxy of the present invention separates with security module is as follows:
1, application separates fully with security module.
2, the agency separates fully with security module.
3, need not be based on using the redevelopment security module, the user can use this invention directly to add security module for using.
4, safety means solve the safety problem that many too platforms are used.
5, replace firewall functionality.
Embodiment recited above is described preferred implementation of the present invention; be not that scope of the present invention is limited; design under the spiritual prerequisite not breaking away from the present invention; various distortion and improvement that the common engineers and technicians in this area make technical solution of the present invention all should fall in the definite protection range of claims of the present invention.
Claims (1)
1. the network safety protective method that application proxy separates with security module comprises the steps:
When (1) the client-access backstage was served, earlier through proxy module, proxy module decomposed the data that client sends, and analyzed wherein effective information, imported security module into;
(2) after security module judges whether safety according to the information of importing into, return proxy module;
(3) again by proxy module according to the security module return value, determine whether to act on behalf of server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011104615853A CN103188255A (en) | 2011-12-31 | 2011-12-31 | Application proxy and security module separated network security protection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011104615853A CN103188255A (en) | 2011-12-31 | 2011-12-31 | Application proxy and security module separated network security protection method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103188255A true CN103188255A (en) | 2013-07-03 |
Family
ID=48679224
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011104615853A Pending CN103188255A (en) | 2011-12-31 | 2011-12-31 | Application proxy and security module separated network security protection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103188255A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112039846A (en) * | 2020-07-24 | 2020-12-04 | 网宿科技股份有限公司 | Request processing method and safety protection system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060156388A1 (en) * | 2005-01-13 | 2006-07-13 | Vlad Stirbu | Method and apparatus for a security framework that enables identity and access control services |
| CN101141243A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | Device and method for carrying out security check and content filtering on communication data |
| CN101141447A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | HTTPS communication tunnel security check and content filtering system and method |
| CN101355427A (en) * | 2008-07-22 | 2009-01-28 | 中国移动通信集团江苏有限公司 | Internally-control safety method for information gateway-service support system |
| CN101741817A (en) * | 2008-11-21 | 2010-06-16 | 中国移动通信集团安徽有限公司 | System, device and method for multi-network integration |
| CN101902456A (en) * | 2010-02-09 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Safety defense system of Website |
-
2011
- 2011-12-31 CN CN2011104615853A patent/CN103188255A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060156388A1 (en) * | 2005-01-13 | 2006-07-13 | Vlad Stirbu | Method and apparatus for a security framework that enables identity and access control services |
| CN101141243A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | Device and method for carrying out security check and content filtering on communication data |
| CN101141447A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | HTTPS communication tunnel security check and content filtering system and method |
| CN101355427A (en) * | 2008-07-22 | 2009-01-28 | 中国移动通信集团江苏有限公司 | Internally-control safety method for information gateway-service support system |
| CN101741817A (en) * | 2008-11-21 | 2010-06-16 | 中国移动通信集团安徽有限公司 | System, device and method for multi-network integration |
| CN101902456A (en) * | 2010-02-09 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Safety defense system of Website |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112039846A (en) * | 2020-07-24 | 2020-12-04 | 网宿科技股份有限公司 | Request processing method and safety protection system |
| CN112039846B (en) * | 2020-07-24 | 2023-08-15 | 网宿科技股份有限公司 | Request processing method and safety protection system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Ab Rahman et al. | Forensic-by-design framework for cyber-physical cloud systems | |
| CN101951384B (en) | Distributed security domain logic boundary protection method | |
| CN102523197B (en) | Enterprise's social information exchange method, server and enterprise's social networking system | |
| CN102014141B (en) | Method for realizing security of network terminal equipment | |
| CN103701783B (en) | Preprocessing unit, data processing system consisting of same, and processing method | |
| WO2009102664A3 (en) | A method and apparatus for compensating for and reducing security attacks on network entities | |
| EP2870558A1 (en) | Methods and systems for use in identifying cyber-security threats in an aviation platform | |
| WO2011082322A3 (en) | A system and method for transmission of files within a secured network | |
| CN104660593A (en) | Method for filtering OPC security gateway data packets | |
| CN104580211B (en) | SOA architecture-based intrusive system | |
| CN104767741A (en) | Calculation service separating and safety protecting system based on light virtual machine | |
| GB201306126D0 (en) | Method, secure device, system and computer program product for security managing access to a file system | |
| CN101854359B (en) | Access control method based on virtualized calculation | |
| CN108183901B (en) | FPGA-based host security protection physical card and data processing method thereof | |
| CN105337978B (en) | A kind of section method for verifying authority and system based on security service blocking | |
| CN103684792A (en) | Safety authentication method for OAM (Operation, Administration and Maintenance) and OAM message sending/receiving device | |
| CN108924086A (en) | A kind of host information acquisition method based on TSM Security Agent | |
| CN110580556B (en) | Data processing method and system and processor | |
| CN102404331A (en) | Method for judging whether website is maliciously tampered | |
| CN103188255A (en) | Application proxy and security module separated network security protection method | |
| Kaneko et al. | STAMP S&S: Safety & Security Scenario for Specification and Standard in the society of AI/IoT | |
| CN110515700A (en) | A kind of virtual machine migration method, system, device and readable storage medium storing program for executing | |
| CN103095702A (en) | Request message reporting and processing method and device thereof | |
| CN105049437A (en) | Method for filtering network application layer data | |
| CN101834902A (en) | Front-end processor system and method for comprehensive management of remote power distribution room |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130703 |
|
| RJ01 | Rejection of invention patent application after publication |