CN105939330A - Method and device for processing local security policy configuration - Google Patents

Publication number: CN105939330A
Authority: CN (China)
Legal status: Granted
Application number: CN201610079813.3A
Priority: CN201610079813.3A
Other languages: Chinese (zh)
Other versions: CN105939330B (en)
Inventor: 周守亚
Current Assignee: Hangzhou DPTech Technologies Co Ltd
Original Assignee: Hangzhou DPTech Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The invention provides a method and a device for processing local security policy configuration. The method comprises: obtaining a unique security key, where "unique" means that the security keys corresponding to different terminals are different; encrypting the security policy configuration with the security key, and generating and saving a local security policy configuration file; and, when accessing the internal network, parsing the local security policy configuration file with the security key to obtain the security policy configuration and performing a security check based on that configuration. Applying the embodiment effectively prevents the local security policy configuration on a terminal from leaking, and thereby prevents an unsafe terminal from accessing the internal network and threatening its security.

Description

Method and device for processing local security policy configuration
Technical field
The application relates to the field of network communication technology, and in particular to a method and a device for processing local security policy configuration.
Background
The TAC (Terminal Access Control) solution enforces a terminal security policy configuration on terminals that access an intranet (for example, an enterprise network). This effectively strengthens the terminal's automatic defence capability and prevents an unsafe terminal from accessing the intranet and threatening its security. In the prior art, when a terminal accesses the intranet, after passing identity authentication it requests the security policy configuration from the TAC server, encrypts the security policy configuration provided by the TAC server with a keyword key, and generates and saves a local security policy configuration file. When the terminal accesses the intranet, it parses this local security policy configuration file to obtain the security policy configuration and checks its own security state against that configuration, for example whether its system patches have been upgraded and whether its virus database has been updated to the latest version. A terminal whose check result is safe can access the intranet.
However, the local security policy configuration file on a terminal may be copied to other terminals. Because a keyword key is preset on every terminal, and the keyword key is identical on different terminals, other terminals can also parse the local security policy configuration file of this terminal with their own keyword key. This leaks the local security policy configuration on the terminal. For example, an attacker can tamper with the local security policy configuration on the terminal so that the terminal can no longer accurately check its own security against that configuration, which is very likely to let an unsafe terminal access the intranet and threaten the security of the intranet.
Summary of the invention
In view of this, the application provides a method and a device for processing local security policy configuration, so as to effectively prevent the local security policy configuration on a terminal from leaking, which would let an unsafe terminal access the intranet and threaten the security of the intranet.
Specifically, the application is implemented through the following technical solutions:
According to a first aspect of the embodiments of the application, a method for processing local security policy configuration is provided. The method is applied on a terminal and includes:
obtaining a unique security key, where "unique" means that the security keys corresponding to different terminals are different;
encrypting the security policy configuration with the security key, and generating and saving a local security policy configuration file;
when accessing the intranet, parsing the local security policy configuration file with the security key to obtain the security policy configuration, and performing a security check according to the security policy configuration.
In one embodiment, obtaining the unique security key includes:
requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key, where the server security keys that the server generates for different terminals are different;
receiving the server security key returned by the server, and saving the server security key as the unique security key.
In another embodiment, obtaining the unique security key includes:
requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key;
receiving the server security key returned by the server;
generating a terminal security key from the hardware attribute identifier of the terminal;
generating, according to a preset combination rule, a new security key from the terminal security key and the server security key, and using the new security key as the unique security key.
In another embodiment, parsing the local security policy configuration file with the security key includes:
obtaining the server security key;
parsing the local security policy configuration file with the server security key.
In another embodiment, parsing the local security policy configuration file with the security key includes:
obtaining the server security key;
generating a terminal security key from the hardware attribute identifier of the terminal;
generating, according to a preset combination rule, a new security key from the terminal security key and the server security key;
parsing the local security policy configuration file with the new security key.
According to a second aspect of the embodiments of the application, a device for processing local security policy configuration is provided. The device is applied on a terminal and includes:
an acquiring unit, configured to obtain a unique security key, where "unique" means that the security keys corresponding to different terminals are different;
an encryption unit, configured to encrypt the security policy configuration with the security key, and to generate and save a local security policy configuration file;
a parsing unit, configured to, when accessing the intranet, parse the local security policy configuration file with the security key to obtain the security policy configuration, and to perform a security check according to the security policy configuration.
In one embodiment, the acquiring unit includes:
a first request subunit, configured to request a security key from the server that generates the security policy configuration, so that the server generates a server security key, where the server security keys that the server generates for different terminals are different;
a first receiving subunit, configured to receive the server security key returned by the server, and to save the server security key as the unique security key.
In another embodiment, the acquiring unit includes:
a second request subunit, configured to request a security key from the server that generates the security policy configuration, so that the server generates a server security key;
a second receiving subunit, configured to receive the server security key returned by the server;
a first generating subunit, configured to generate a terminal security key from the hardware attribute identifier of the terminal;
a first combining subunit, configured to generate, according to a preset combination rule, a new security key from the terminal security key and the server security key, and to use the new security key as the unique security key.
In another embodiment, the parsing unit includes:
a first obtaining subunit, configured to obtain the server security key;
a first parsing subunit, configured to parse the local security policy configuration file with the server security key.
In another embodiment, the parsing unit includes:
a second obtaining subunit, configured to obtain the server security key;
a second generating subunit, configured to generate a terminal security key from the hardware attribute identifier of the terminal;
a second combining subunit, configured to generate, according to a preset rule, a new security key from the terminal security key and the server security key;
a second parsing subunit, configured to parse the local security policy configuration file with the new security key.
In the method for processing local security policy configuration of this embodiment, a unique security key is obtained, where "unique" means that the security keys obtained by different terminals are different, and this unique security key is used to encrypt the security policy configuration and to generate and save a local security policy configuration file. Because the security keys of different terminals are different, even if the local security policy configuration file on this terminal is copied to another terminal, the other terminal cannot parse it with its own security key. This prevents the security policy configuration from leaking and letting an unsafe terminal access the intranet, and so effectively ensures the security of the intranet.
Brief description of the drawings
Fig. 1 is a schematic diagram of an application scenario of the method for processing local security policy configuration according to an embodiment of the application.
Fig. 2 is a flowchart of an embodiment of the method for processing local security policy configuration according to the application.
Fig. 3 is a flowchart of an embodiment of the method for saving the local security policy configuration when processing local security policy configuration according to the application.
Fig. 4 is a flowchart of an embodiment of the method for parsing the local security policy configuration when processing local security policy configuration according to the application.
Fig. 5 is a flowchart of another embodiment of the method for saving the local security policy configuration when processing local security policy configuration according to the application.
Fig. 6 is a flowchart of another embodiment of the method for parsing the local security policy configuration when processing local security policy configuration according to the application.
Fig. 7 is a hardware structure diagram of the terminal in which the device for processing local security policy configuration of the application is located.
Fig. 8 is a block diagram of an embodiment of the device for processing local security policy configuration according to the application.
Fig. 9 is a block diagram of another embodiment of the device for processing local security policy configuration according to the application.
Fig. 10 is a block diagram of another embodiment of the device for processing local security policy configuration according to the application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terms used in the application are for the purpose of describing particular embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
As office work in enterprises becomes increasingly IT-based, the number of terminals accessing the intranet (for example, an enterprise network) keeps growing, and terminal applications are becoming increasingly complex. To ensure intranet security, terminals must be subject to access control and access management. The TAC solution enforces a terminal security policy configuration on terminals that access the intranet (for example, an enterprise network), which effectively strengthens the terminal's automatic defence capability and prevents an unsafe terminal from accessing the intranet and threatening its security.
To better implement the above functions, the application provides a method for processing local security policy configuration. Fig. 1 is a schematic diagram of an application scenario of the method for processing local security policy configuration according to an embodiment of the application.
Fig. 1 includes a TAC server 11 and multiple terminals (terminal 12 to terminal 1n as shown in Fig. 1). When accessing the intranet, after identity authentication, each terminal requests the security policy configuration from the TAC server. After the terminal receives the security policy configuration returned by the TAC server, in order to prevent the security policy configuration from leaking (for example, being maliciously tampered with), the terminal can obtain a unique security key, that is, the security keys obtained by different terminals are different, use this security key to encrypt the obtained security policy configuration, and generate and save a local security policy configuration file. When the terminal accesses the intranet, it can parse the saved local security policy configuration file with this unique security key to obtain the security policy configuration, and check its own security state against that configuration, for example whether its system patches have been upgraded and whether its virus database has been updated to the latest version. Only when the check result is safe can the terminal access the intranet, which effectively ensures the security of the intranet.
After obtaining the security policy configuration, the terminal encrypts it with the unique security key, and the same unique security key is needed to parse the local security policy configuration file. This effectively prevents the terminal's security policy configuration from leaking and from being maliciously tampered with, which would leave the terminal unable to accurately check its own security against the configuration and would let an unsafe terminal access the intranet and threaten its security.
To describe in detail how a terminal processes the obtained security policy configuration, with reference to the application scenario shown in Fig. 1, Fig. 2 below is a flowchart of an embodiment of the method for processing local security policy configuration according to the application. Taking one of the terminals, for example terminal 12, executing the method as an example, the method includes the following steps:
Step S201: obtain a unique security key, where "unique" means that the security keys corresponding to different terminals are different.
As described above, to prevent the local security policy configuration on the terminal from leaking, terminal 12 can encrypt the local security policy configuration. To do so, the terminal obtains a security key, and this security key is a unique security key, that is, the security keys obtained by different terminals are different.
Step S202: encrypt the security policy configuration with the security key, and generate and save a local security policy configuration file.
For the process by which terminal 12 encrypts the received security policy configuration with the security key and generates and saves the local security policy configuration file, reference may be made to the prior art; the application does not describe it in detail.
Step S203: when accessing the intranet, parse the local security policy configuration file with the security key to obtain the security policy configuration, and perform a security check according to the security policy configuration.
Because the terminal encrypted the local security policy configuration with the security key, when the terminal needs the local security policy configuration it can parse the local security policy configuration file with this security key to obtain the configuration, and then perform a security check on itself according to it, for example whether its system patches have been upgraded and whether its virus database has been updated to the latest version. Only when the check result is safe can the terminal access the intranet, which effectively ensures the security of the intranet.
In the method for processing local security policy configuration of this embodiment, a unique security key is obtained, where "unique" means that the security keys obtained by different terminals are different, and this unique security key is used to encrypt the security policy configuration and to generate and save a local security policy configuration file. Because the security keys of different terminals are different, even if the local security policy configuration file on this terminal is copied to another terminal, the other terminal cannot parse it with its own security key. This prevents the security policy configuration from leaking and letting an unsafe terminal access the intranet, and so effectively ensures the security of the intranet.
From the embodiment described in Fig. 2 it follows that processing local security policy configuration can be divided into two processes: saving the local security policy configuration and parsing the local security policy configuration. To explain in more detail how the application processes local security policy configuration, the two processes are described separately below.
Fig. 3 below is a flowchart of an embodiment of the method for saving the local security policy configuration when processing local security policy configuration according to the application, and Fig. 4 below is a flowchart of an embodiment of the method for parsing the local security policy configuration. Fig. 3 and Fig. 4 are both based on the embodiment shown in Fig. 2. Fig. 3 includes:
Step S301: request a security key from the server that generates the security policy configuration, so that the server generates a server security key, where the server security keys that the server generates for different terminals are different.
In this embodiment, the terminal can request a security key from the server that generates the security policy configuration (for example, the TAC server). After receiving the request, the server generates a server security key, and the server security keys that it generates for requests from different terminals are different.
For example, after receiving the terminal's request, the server may follow a predefined specification, for example one that defines the server security key as 8 characters long, containing both letters and digits, with case-sensitive letters and no other symbols, and randomly generate the server security key according to this specification; for example, the generated server security key is 1a2B3c4D. Because the server security key is randomly generated by the server, the server security keys that the server generates for different terminals are different.
Step S302: receive the server security key returned by the server, and save the server security key as the unique security key.
After the terminal receives the server security key returned by the server, it can save this server security key, for example in the local configuration. Because the server security keys that the server generates for different terminals are different, the terminal can use the received server security key as the unique security key.
Step S303: encrypt the security policy configuration with the security key, and generate and save a local security policy configuration file.
For the process by which the terminal encrypts the received security policy configuration with the security key and generates and saves the local security policy configuration file, reference may be made to the prior art; the application does not describe it in detail.
Fig. 4 includes:
Step S401: when accessing the intranet, obtain the saved server security key.
As step S302 shows, the terminal saved the server security key, so the terminal can obtain this server security key.
Step S402: parse the local security policy configuration file with the server security key to obtain the security policy configuration, and perform a security check according to the security policy configuration.
For the process by which the terminal parses the local security policy configuration file with the security key and performs a security check on itself according to the parsed security policy configuration, reference may be made to the prior art; the application does not describe it in detail.
In the method for processing local security policy configuration of this embodiment, the security key is obtained from the server that generates the security policy configuration, and this server can generate different server security keys for different terminals, so that the terminal obtains a unique security key and uses it to encrypt the security policy configuration and to generate and save a local security policy configuration file. Because the security keys of different terminals are different, even if the local security policy configuration file on this terminal is copied to another terminal, the other terminal cannot parse it with its own security key. This prevents the security policy configuration from leaking and letting an unsafe terminal access the intranet, and so effectively ensures the security of the intranet.
In the embodiment described in Fig. 3, the terminal saves the server security key after obtaining it. Because this server security key is stored on the terminal, it may be maliciously obtained and tampered with, so the risk of the local security policy leaking remains. To avoid such leakage more effectively, a more secure unique security key can be obtained in the application. Fig. 5 below is a flowchart of another embodiment of the method for saving the local security policy configuration when processing local security policy configuration according to the application, and Fig. 6 below is a flowchart of another embodiment of the method for parsing the local security policy configuration. Fig. 5 includes:
Step S501: request a security key from the server that generates the security policy configuration, so that the server generates a server security key.
For a detailed description of this step, see the description of step S301; it is not repeated here.
Step S502: receive the server security key returned by the server, and save the server security key.
Step S503: generate a terminal security key from the hardware attribute identifier of the terminal.
In this embodiment, the terminal generates the terminal security key from its own hardware attribute identifier, such as a processor identifier (that is, the CPU serial number), according to a preset rule for generating the terminal security key, for example taking the first eight characters of the hardware attribute identifier. As an example, assume that the CPU serial number of terminal 11 is BFEBFBFF000306C3; the first eight characters 1a2B3c4D of this CPU serial number are taken as the terminal security key.
It can be understood that the above is only one example of how the terminal generates the terminal security key. In an actual implementation, the terminal may generate the terminal security key from other hardware attribute identifiers according to a preset rule.
Because different terminals have different hardware attribute identifiers, the terminal security keys generated by different terminals are also different.
Step S504: generate, according to a preset combination rule, a new security key from the terminal security key and the server security key, and use the new security key as the unique security key.
After steps S501 and S502 have been executed, the terminal can generate a new security key from the terminal security key and the server security key according to a preset combination rule. For example, assume that the server security key is 1a2B3c4D, the terminal security key is 1a2B3c4D, and the preset combination rule is to take the first four characters of the terminal security key and combine them with the last four characters of the server security key; the new security key generated is then BFEB3c4D.
It can be understood that the above is only one example of how the terminal generates the new security key. In an actual implementation, the combination rule by which the terminal generates the new security key can be more complex, and the application places no limitation on it.
As described above, the server security keys obtained by different terminals are different, and the terminal security keys generated by different terminals are also different, so the new security keys that different terminals generate by the above process are also different, and the terminal can use this new security key as the unique security key.
Step S505: encrypt the security policy configuration with the security key, and generate and save a local security policy configuration file.
For the process by which the terminal encrypts the received security policy configuration with the security key and generates and saves the local security policy configuration file, reference may be made to the prior art; the application does not describe it in detail.
Fig. 6 includes:
Step S601: when accessing Intranet, obtain the server security key of described preservation.
The detailed description of this step may refer to the associated description in above-mentioned steps S401, the most superfluous at this State.
Step S602: identify according to the hardware attributes of described terminal, generate terminal security key.
In this step, terminal can be taked identical with step S502 according to the description in step S502 Rule, according to identical hardware attributes mark, generates terminal security key.
Step S603: according to default rule of combination, pacify with described server according to described terminal security key Full key generates new safe key.
In this step, terminal can be taked identical with step S503 according to the description in step S503 Rule of combination, is combined server security key with terminal security key, generates new safe key.
This new security key is generated by combining the terminal security key with the server security key. Even if the server security key is maliciously obtained and tampered with, the terminal security key is generated from the terminal's own hardware attribute identifiers, and it is difficult for an attacker to determine which hardware attribute identifiers it was generated from. The attacker therefore has difficulty obtaining the terminal security key, and hence the unique security key that is finally generated.
Step S604: parse the local security policy configuration file with the new security key to obtain the security policy configuration, and perform the security check according to the security policy configuration.
For the process by which the terminal parses the local security policy configuration file with the security key and performs a security check on itself according to the parsed security policy configuration, refer to the prior art; this application does not describe it in detail.
In the method of this embodiment for processing a local security policy configuration, the terminal generates the final unique security key from the server security key it obtained and the terminal security key it generated itself, encrypts the security policy configuration with this unique security key, and generates and saves the local security policy configuration file. To parse this local security policy configuration, the terminal must again obtain the saved server security key and generate the terminal security key, and then generate the new security key from the two; only with this new security key can it parse the local security policy configuration file and obtain the security policy configuration. Even if the server security key is maliciously obtained by an attacker, the attacker has difficulty obtaining the terminal security key and therefore the final unique security key. This effectively prevents the security policy configuration from leaking and an insecure terminal from accessing the intranet as a result, and so effectively protects the security of the intranet.
In addition, in this embodiment the server may also return the same server security key to different terminals. Because the terminal security keys generated by different terminals differ, even if the server security key is the same, the new security keys generated by combining the server security key with the terminal security key will still differ from one another.
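The derive, encrypt and parse sequence of steps S502 to S505 and S601 to S604, as an added example that is not code from the patent. The HMAC-based combination rule, the hardware attribute names, the sample key and policy, and the standard-library keystream (a stand-in for an authenticated cipher such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values (not from the patent).
SERVER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
HW_A = {"cpu_id": "CPU-A-0001", "disk_serial": "DSK-A-7781", "mac": "02:00:00:00:00:0a"}
HW_B = {"cpu_id": "CPU-B-0002", "disk_serial": "DSK-B-1934", "mac": "02:00:00:00:00:0b"}
POLICY = {"antivirus_required": True, "min_patch_level": "2016-01"}

def terminal_key(hw_attrs):
    """S502/S602: terminal security key from hardware attribute identifiers."""
    # Canonical encoding: the same attributes must always give the same key.
    canon = json.dumps(hw_attrs, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"terminal-key\x00" + canon).digest()

def combine(server_key, term_key):
    """S503/S603: assumed combination rule, HMAC-SHA256 keyed by the server key."""
    return hmac.new(server_key, b"policy-file-key\x00" + term_key, hashlib.sha256).digest()

def _subkeys(key):
    # Separate keys for encryption and for authentication.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_keystream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (assumption).
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_policy(key, policy):
    """S505: encrypt the policy configuration into the local file contents."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_keystream(enc_key, nonce, json.dumps(policy, sort_keys=True).encode())
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def parse_policy(key, blob):
    """S604: verify, then decrypt; fails if the key was derived elsewhere."""
    if len(blob) < 48:
        raise ValueError("policy file truncated")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("policy file does not verify under this key")
    return json.loads(_xor_keystream(enc_key, nonce, ct))

def can_parse(key, blob):
    """True if the file verifies and decrypts under the given key."""
    try:
        parse_policy(key, blob)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    key_a = combine(SERVER_KEY, terminal_key(HW_A))
    blob = encrypt_policy(key_a, POLICY)
    print("terminal A parses its own file:", parse_policy(key_a, blob) == POLICY)
    print("terminal B, same server key:", can_parse(combine(SERVER_KEY, terminal_key(HW_B)), blob))
    print("server key alone:", can_parse(SERVER_KEY, blob))
```

Hardware identifiers can be read by software running on the terminal, so this construction binds the policy file to the device; it does not hide the file from code already executing there.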
Corresponding to the foregoing embodiments of the method for processing a local security policy configuration, this application also provides embodiments of a device for processing a local security policy configuration.
The embodiments of the device for processing a local security policy configuration can be applied on a terminal. The device embodiments may be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the terminal where it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 7 shows a hardware structure diagram of the terminal where the device for processing a local security policy configuration resides. In addition to the processor 71, memory 72, network interface 73 and non-volatile memory 74 shown in Fig. 7, the terminal where the device resides may, depending on its actual function, also include other hardware, which is not described further here.
Referring to Fig. 8, which shows a block diagram of an embodiment of the device for processing a local security policy configuration, the device may include: an acquiring unit 81, an encryption unit 82 and a parsing unit 83.
The acquiring unit 81 may be used to obtain a unique security key, where "unique" means that the security keys corresponding to different terminals are different;
The encryption unit 82 may be used to encrypt the security policy configuration with the security key, and to generate and save the local security policy configuration file;
The parsing unit 83 may be used, when accessing the intranet, to parse the local security policy configuration file with the security key to obtain the security policy configuration, and to perform the security check according to the security policy configuration.
Referring to Fig. 9, which shows a block diagram of another embodiment of the device for processing a local security policy configuration: in the device shown in Fig. 9, on the basis of the device shown in Fig. 8 above, the acquiring unit 81 may include a first request subunit 811 and a first receiving subunit 812.
The first request subunit 811 may be used to request a security key from the server that generates the security policy configuration, so that the server generates a server security key, the server security keys generated by the server for different terminals being different;
The first receiving subunit 812 may be used to receive the server security key returned by the server, and to save the server security key as the unique security key.
The parsing unit 83 may include a first obtaining subunit 831 and a first parsing subunit 832.
The first obtaining subunit 831 may be used to obtain the server security key;
The first parsing subunit 832 may be used to parse the local security policy configuration file with the server security key.
Referring to Fig. 10, which shows a block diagram of another embodiment of the device for processing a local security policy configuration: in the device shown in Fig. 9, on the basis of the device shown in Fig. 7 above, the acquiring unit 81 may include a second request subunit 813, a second receiving subunit 814, a first generating subunit 815 and a first combining subunit 816.
The second request subunit 813 may be used to request a security key from the server that generates the security policy configuration, so that the server generates a server security key;
The second receiving subunit 814 may be used to receive the server security key returned by the server;
The first generating subunit 815 may be used to generate the terminal security key from the hardware attribute identifier of the terminal;
The first combining subunit 816 may be used to generate, according to the preset combination rule, a new security key from the terminal security key and the server security key, and to use the new security key as the unique security key.
The parsing unit 83 may include a second obtaining subunit 833, a second generating subunit 834, a second combining subunit 835 and a second parsing subunit 836.
The second obtaining subunit 833 may be used to obtain the server security key;
The second generating subunit 834 may be used to generate the terminal security key from the hardware attribute identifier of the terminal;
The second combining subunit 835 may be used to generate, according to the preset rule, a new security key from the terminal security key and the server security key;
The second parsing subunit 836 may be used to parse the local security policy configuration file with the new security key.
For the implementation of the functions and roles of the units in the above device, refer to the implementation of the corresponding steps in the above method; it is not repeated here.
Since the device embodiment basically corresponds to the method embodiment, refer to the description of the method embodiment for the relevant parts. The device embodiment described above is merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this application. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing describes only preferred embodiments of this application and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of this application shall fall within its scope of protection.

Claims (10)

1. A method for processing a local security policy configuration, characterised in that the method is applied on a terminal and comprises:
obtaining a unique security key, where "unique" means that the security keys corresponding to different terminals are different;
encrypting the security policy configuration with the security key, and generating and saving a local security policy configuration file;
when accessing the intranet, parsing the local security policy configuration file with the security key to obtain the security policy configuration, and performing a security check according to the security policy configuration.
2. The method according to claim 1, characterised in that obtaining the unique security key comprises:
requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key, the server security keys generated by the server for different terminals being different;
receiving the server security key returned by the server, and saving the server security key as the unique security key.
3. The method according to claim 1, characterised in that obtaining the unique security key comprises:
requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key;
receiving the server security key returned by the server;
generating a terminal security key from the hardware attribute identifier of the terminal;
generating, according to a preset combination rule, a new security key from the terminal security key and the server security key, and using the new security key as the unique security key.
4. The method according to claim 2, characterised in that parsing the local security policy configuration file with the security key comprises:
obtaining the server security key;
parsing the local security policy configuration file with the server security key.
5. The method according to claim 3, characterised in that parsing the local security policy configuration file with the security key comprises:
obtaining the server security key;
generating the terminal security key from the hardware attribute identifier of the terminal;
generating, according to the preset combination rule, a new security key from the terminal security key and the server security key;
parsing the local security policy configuration file with the new security key.
6. A device for processing a local security policy configuration, characterised in that the device is applied on a terminal and comprises:
an acquiring unit, used to obtain a unique security key, where "unique" means that the security keys corresponding to different terminals are different;
an encryption unit, used to encrypt the security policy configuration with the security key, and to generate and save a local security policy configuration file;
a parsing unit, used, when accessing the intranet, to parse the local security policy configuration file with the security key to obtain the security policy configuration, and to perform a security check according to the security policy configuration.
7. The device according to claim 6, characterised in that the acquiring unit comprises:
a first request subunit, used to request a security key from the server that generates the security policy configuration, so that the server generates a server security key, the server security keys generated by the server for different terminals being different;
a first receiving subunit, used to receive the server security key returned by the server, and to save the server security key as the unique security key.
8. The device according to claim 6, characterised in that the acquiring unit comprises:
a second request subunit, used to request a security key from the server that generates the security policy configuration, so that the server generates a server security key;
a second receiving subunit, used to receive the server security key returned by the server;
a first generating subunit, used to generate a terminal security key from the hardware attribute identifier of the terminal;
a first combining subunit, used to generate, according to a preset combination rule, a new security key from the terminal security key and the server security key, and to use the new security key as the unique security key.
9. The device according to claim 7, characterised in that the parsing unit comprises:
a first obtaining subunit, used to obtain the server security key;
a first parsing subunit, used to parse the local security policy configuration file with the server security key.
10. The device according to claim 8, characterised in that the parsing unit comprises:
a second obtaining subunit, used to obtain the server security key;
a second generating subunit, used to generate the terminal security key from the hardware attribute identifier of the terminal;
a second combining subunit, used to generate, according to the preset rule, a new security key from the terminal security key and the server security key;
a second parsing subunit, used to parse the local security policy configuration file with the new security key.
CN201610079813.3A 2016-02-04 2016-02-04 Handle the method and device of local security policy configuration Active CN105939330B (en)


Publications (2)

Publication Number Publication Date
CN105939330A true CN105939330A (en) 2016-09-14
CN105939330B CN105939330B (en) 2019-07-09

Family

ID=57152925



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

GR01 Patent grant