CN105939330B - Method and device for processing local security policy configuration - Google Patents

Method and device for processing local security policy configuration

Info

Publication number: CN105939330B
Application number: CN201610079813.3A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN105939330A (en)
Inventor: 周守亚
Current Assignee: Hangzhou DPTech Technologies Co Ltd
Original Assignee: Hangzhou DPTech Technologies Co Ltd
Prior art keywords: security, security key, server, key, terminal

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The application provides a method and device for processing local security policy configuration. The method comprises: obtaining a unique security key, where "unique" means that the security keys corresponding to different terminals are different; encrypting the security policy configuration with the security key, generating a local security policy configuration file and saving it; and, when accessing the intranet, parsing the local security policy configuration file with the security key to obtain the security policy configuration, and performing a security check according to the security policy configuration. The embodiments of the application effectively prevent the local security policy configuration on a terminal from being leaked, which would otherwise let an insecure terminal access the intranet and threaten the security of the intranet.

Description

Method and device for processing local security policy configuration
Technical field
This application relates to the field of network communication technology, and in particular to a method and device for processing local security policy configuration.
Background
A TAC (Terminal Access Control) solution enforces a terminal security policy configuration on terminals that access an intranet (for example, an enterprise network). This effectively strengthens the terminals' ability to defend themselves and prevents insecure terminals from accessing the intranet and threatening its security. In the prior art, after a terminal accessing the intranet passes authentication, it can request the security policy configuration from the TAC server, encrypt the security policy configuration provided by the TAC server with a preset key, generate a local security policy configuration file and save it. When accessing the intranet, the terminal parses the local security policy configuration file to obtain the security policy configuration and checks its own security state against it, for example whether its system patches have been applied and whether its virus database has been updated to the latest version. A terminal whose check result is "secure" can access the intranet.
However, if the local security policy configuration file on a terminal is copied to other terminals, those terminals can parse it with their own key, because the key is preset on every terminal and is identical on all of them. The local security policy configuration on the terminal is thereby leaked. For example, an attacker can tamper with the local security policy configuration on the terminal so that the terminal can no longer accurately check its own security against it, which is very likely to let an insecure terminal access the intranet and threaten the security of the intranet.
Summary of the invention
In view of this, the application provides a method and device for processing local security policy configuration, so as to effectively prevent the local security policy configuration on a terminal from being leaked, which would otherwise let an insecure terminal access the intranet and threaten the security of the intranet.
Specifically, the application is implemented through the following technical solutions:
According to a first aspect of the embodiments of the application, a method for processing local security policy configuration is provided. The method is applied on a terminal and comprises:
obtaining a unique security key, where "unique" means that the security keys corresponding to different terminals are different;
encrypting the security policy configuration with the security key, generating a local security policy configuration file and saving it;
when accessing the intranet, parsing the local security policy configuration file with the security key to obtain the security policy configuration, and performing a security check according to the security policy configuration.
In one embodiment, obtaining the unique security key includes:
requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key, where the server security keys that the server generates for different terminals are different;
receiving the server security key returned by the server, and saving the server security key as the unique security key.
In another embodiment, obtaining the unique security key includes:
requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key;
receiving the server security key returned by the server;
generating a terminal security key according to a hardware attribute identifier of the terminal;
generating a new security key from the terminal security key and the server security key according to a preset combination rule, and using the new security key as the unique security key.
In another embodiment, parsing the local security policy configuration file with the security key includes:
obtaining the server security key;
parsing the local security policy configuration file with the server security key.
In another embodiment, parsing the local security policy configuration file with the security key includes:
obtaining the server security key;
generating a terminal security key according to a hardware attribute identifier of the terminal;
generating a new security key from the terminal security key and the server security key according to a preset combination rule;
parsing the local security policy configuration file with the new security key.
According to a second aspect of the embodiments of the application, a device for processing local security policy configuration is provided. The device is applied on a terminal and comprises:
an acquiring unit, for obtaining a unique security key, where "unique" means that the security keys corresponding to different terminals are different;
an encryption unit, for encrypting the security policy configuration with the security key, generating a local security policy configuration file and saving it;
a parsing unit, for parsing the local security policy configuration file with the security key when accessing the intranet, to obtain the security policy configuration, and performing a security check according to the security policy configuration.
In one embodiment, the acquiring unit includes:
a first request subunit, for requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key, where the server security keys that the server generates for different terminals are different;
a first receiving subunit, for receiving the server security key returned by the server and saving the server security key as the unique security key.
In another embodiment, the acquiring unit includes:
a second request subunit, for requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key;
a second receiving subunit, for receiving the server security key returned by the server;
a first generating subunit, for generating a terminal security key according to a hardware attribute identifier of the terminal;
a first combining subunit, for generating a new security key from the terminal security key and the server security key according to a preset combination rule, and using the new security key as the unique security key.
In another embodiment, the parsing unit includes:
a first obtaining subunit, for obtaining the server security key;
a first parsing subunit, for parsing the local security policy configuration file with the server security key.
In another embodiment, the parsing unit includes:
a second obtaining subunit, for obtaining the server security key;
a second generating subunit, for generating a terminal security key according to a hardware attribute identifier of the terminal;
a second combining subunit, for generating a new security key from the terminal security key and the server security key according to a preset rule;
a second parsing subunit, for parsing the local security policy configuration file with the new security key.
In the method of this embodiment for processing local security policy configuration, a unique security key is obtained, where "unique" means that the security keys obtained by different terminals are different; the security policy configuration is encrypted with the unique security key, and a local security policy configuration file is generated and saved. Because the security keys of different terminals are different, even if the local security policy configuration file on the terminal is copied to other terminals, those terminals cannot parse it with their own security keys. This prevents the security policy configuration from being leaked, which would otherwise let an insecure terminal access the intranet, and so effectively guarantees the security of the intranet.
Brief description of the drawings
Fig. 1 is a schematic diagram of an application scenario in which an embodiment of the application implements the method for processing local security policy configuration.
Fig. 2 is a flowchart of one embodiment of the method of the application for processing local security policy configuration.
Fig. 3 is a flowchart of one embodiment of the method for saving the local security policy configuration when processing local security policy configuration.
Fig. 4 is a flowchart of one embodiment of the method for parsing the local security policy configuration when processing local security policy configuration.
Fig. 5 is a flowchart of another embodiment of the method for saving the local security policy configuration when processing local security policy configuration.
Fig. 6 is a flowchart of another embodiment of the method for parsing the local security policy configuration when processing local security policy configuration.
Fig. 7 is a hardware structure diagram of a terminal where the device of the application for processing local security policy configuration resides.
Fig. 8 is a block diagram of one embodiment of the device of the application for processing local security policy configuration.
Fig. 9 is a block diagram of another embodiment of the device of the application for processing local security policy configuration.
Fig. 10 is a block diagram of another embodiment of the device of the application for processing local security policy configuration.
Detailed description
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following example embodiments do not represent all embodiments consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terms used in this application are for the purpose of describing particular embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used here can be interpreted as "at the time of", "when" or "in response to determining".
As enterprise office work becomes increasingly computerized, the number of terminals accessing the intranet (for example, an enterprise network) keeps growing, and terminal applications are becoming increasingly complex. To ensure intranet security, access control and access management must be applied to terminals. A TAC solution enforces a terminal security policy configuration on terminals that access the intranet (for example, an enterprise network), which effectively strengthens the terminals' ability to defend themselves and prevents insecure terminals from accessing the intranet and threatening its security.
To better realize the above function, this application provides a method for processing local security policy configuration. Fig. 1 shows a schematic diagram of an application scenario in which an embodiment of the application implements the method.
Fig. 1 includes a TAC server 11 and multiple terminals (terminal 12 to terminal 1n as shown in Fig. 1). When accessing the intranet, each terminal can, after passing authentication, request the security policy configuration from the TAC server. After a terminal receives the security policy configuration returned by the TAC server, in order to prevent the security policy configuration from being leaked, for example maliciously tampered with, the terminal can obtain a unique security key, i.e. the security keys obtained by different terminals are different, encrypt the received security policy configuration with that security key, generate a local security policy configuration file and save it. When the terminal accesses the intranet, it can parse the saved local security policy configuration file with the unique security key to obtain the security policy configuration, and check its own security state against it, for example whether its system patches have been applied and whether its virus database has been updated to the latest version. When the check result is "secure", the terminal can access the intranet, which effectively ensures the security of the intranet.
After obtaining the security policy configuration, the terminal encrypts it with the unique security key, and the same unique security key is required to parse the local security policy configuration file. This effectively prevents the terminal's security policy configuration from being leaked and from being maliciously tampered with, which would otherwise leave the terminal unable to accurately check its own security against the security policy configuration, let an insecure terminal access the intranet, and threaten the security of the intranet.
To describe in detail how a terminal processes the security policy configuration it obtains, and with reference to the application scenario shown in Fig. 1, Fig. 2 below shows a flowchart of one embodiment of the method of the application for processing local security policy configuration. Taking one of the terminals, for example terminal 12, as the executor of the method, it comprises the following steps:
Step S201: obtain a unique security key, where "unique" means that the security keys corresponding to different terminals are different.
As described above, to prevent the local security policy configuration on the terminal from being leaked, terminal 12 can encrypt the local security policy configuration. To do so, the terminal can obtain a security key, and this security key is a unique security key, i.e. the security keys obtained by different terminals are different.
Step S202: encrypt the security policy configuration with the security key, generate a local security policy configuration file and save it.
For the process by which terminal 12 encrypts the received security policy configuration with the security key, generates the local security policy configuration file and saves it, refer to the prior art; it is not described in detail in this application.
Step S203: when accessing the intranet, parse the local security policy configuration file with the security key to obtain the security policy configuration, and perform a security check according to the security policy configuration.
Because the terminal has encrypted the local security policy configuration with the security key, when it needs the local security policy configuration it can parse the local security policy configuration file with that security key, obtain the local security policy configuration, and perform a security check on itself according to it, for example whether its system patches have been applied and whether its virus database has been updated to the latest version. When the check result is "secure", the terminal can access the intranet, which effectively ensures the security of the intranet.
In the method of this embodiment for processing local security policy configuration, a unique security key is obtained, where "unique" means that the security keys obtained by different terminals are different; the security policy configuration is encrypted with the unique security key, and a local security policy configuration file is generated and saved. Because the security keys of different terminals are different, even if the local security policy configuration file on the terminal is copied to other terminals, those terminals cannot parse it with their own security keys. This prevents the security policy configuration from being leaked, which would otherwise let an insecure terminal access the intranet, and so effectively guarantees the security of the intranet.
From the embodiment described in Fig. 2 it follows that processing local security policy configuration can be divided into two processes: saving the local security policy configuration and parsing the local security policy configuration. To describe in more detail how the application processes local security policy configuration, the two processes are described separately below.
Fig. 3 below shows a flowchart of one embodiment of the method for saving the local security policy configuration, and Fig. 4 below shows a flowchart of one embodiment of the method for parsing the local security policy configuration. Fig. 3 and Fig. 4 are based on the embodiment shown in Fig. 2. Fig. 3 includes:
Step S301: request a security key from the server that generates the security policy configuration, so that the server generates a server security key, where the server security keys that the server generates for different terminals are different.
In this embodiment, the terminal can request a security key from the server that generates the security policy configuration (for example, the TAC server). After receiving the request, the server can generate a server security key, and the server security keys it generates for requests from different terminals are different.
For example, after the server receives the terminal's request, it can follow a predefined specification, for example that the server security key is 8 characters long, must contain both letters and digits, is case-sensitive, and may not contain other symbols. The server can then randomly generate a server security key that meets the specification, for example 1a2B3c4D. Because the server security key is randomly generated by the server, the server security keys generated for different terminals are different.
Step S302: receive the server security key returned by the server, and save the server security key as the unique security key.
After the terminal receives the server security key returned by the server, it can save the server security key, for example in its local configuration. Because the server security keys that the server generates for different terminals are different, the terminal can use the received server security key as the unique security key.
Step S303: encrypt the security policy configuration with the security key, generate a local security policy configuration file and save it.
For the process by which the terminal encrypts the received security policy configuration with the security key, generates the local security policy configuration file and saves it, refer to the prior art; it is not described in detail in this application.
Fig. 4 includes:
Step S401: when accessing the intranet, obtain the saved server security key.
As step S302 shows, the terminal has saved the server security key, so the terminal can obtain it.
Step S402: parse the local security policy configuration file with the server security key to obtain the security policy configuration, and perform a security check according to the security policy configuration.
For the process by which the terminal parses the local security policy configuration file with the security key and performs a security check on itself according to the security policy configuration obtained, refer to the prior art; it is not described in detail in this application.
In the method of this embodiment for processing local security policy configuration, the terminal obtains a security key from the server that generates the security policy configuration. The server can generate different server security keys for different terminals, so the terminal obtains a unique security key, encrypts the security policy configuration with it, and generates and saves a local security policy configuration file. Because the security keys of different terminals are different, even if the local security policy configuration file on the terminal is copied to other terminals, those terminals cannot parse it with their own security keys. This prevents the security policy configuration from being leaked, which would otherwise let an insecure terminal access the intranet, and so effectively guarantees the security of the intranet.
In the embodiment described in Fig. 3, the terminal can save the server security key after obtaining it. Because the server security key is saved on the terminal, it may be maliciously obtained and tampered with, so a risk of the local security policy being leaked remains. To prevent leakage of the local security policy more effectively, a more secure unique security key can be obtained in this application. Fig. 5 below shows a flowchart of another embodiment of the method for saving the local security policy configuration, and Fig. 6 below shows a flowchart of another embodiment of the method for parsing the local security policy configuration. Fig. 5 includes:
Step S501: request a security key from the server that generates the security policy configuration, so that the server generates a server security key.
For a detailed description of this step, refer to the description of step S301; it is not repeated here.
Step S502: receive the server security key returned by the server, and save the server security key.
Step S503: generate a terminal security key according to a hardware attribute identifier of the terminal.
In this embodiment, the terminal generates the terminal security key from its own hardware attribute identifier, such as the processor identifier, i.e. the CPU serial number, according to a preset rule for generating the terminal security key, for example taking the first eight characters of the hardware attribute identifier. For instance, assuming the CPU serial number of terminal 11 is BFEBFBFF000306C3, the first eight characters 1a2B3c4D of the CPU serial number are taken as the terminal security key.
It should be understood that the above is only one example of how the terminal generates the terminal security key. In an actual implementation, the terminal can generate the terminal security key from other hardware attribute identifiers according to a preset rule.
Because different terminals have different hardware attribute identifiers, the terminal security keys generated by different terminals are also different.
Step S504: generate a new security key from the terminal security key and the server security key according to a preset combination rule, and use the new security key as the unique security key.
After performing step S501 and step S502, the terminal can generate a new security key from the terminal security key and the server security key according to the preset combination rule. For example, assume the server security key is 1a2B3c4D, the terminal security key is 1a2B3c4D, and the preset combination rule is to combine the first four characters of the terminal security key with the last four characters of the server security key; the new security key generated is then BFEB3c4D.
It should be understood that the above is only one example of how the terminal generates the new security key. In an actual implementation, the combination rule the terminal uses to generate the new security key can be more complex, and the application places no limitation on it.
As described above, the server security keys obtained by different terminals are different, and the terminal security keys generated by different terminals are also different, so the new security keys that different terminals generate through the above process are different as well. The terminal can therefore use the new security key as the unique security key.
Step S505: encrypt the security policy configuration with the security key, generate a local security policy configuration file and save it.
For the process by which the terminal encrypts the received security policy configuration with the security key, generates the local security policy configuration file and saves it, refer to the prior art; it is not described in detail in this application.
Fig. 6 includes:
Step S601: when accessing the intranet, obtain the saved server security key.
For a detailed description of this step, refer to the related description of step S401 above; it is not repeated here.
Step S602: generate a terminal security key according to the hardware attribute identifiers of the terminal.
In this step, the terminal may, as described in step S502, apply the same rule as in step S502 to the same hardware attribute identifiers to generate the terminal security key.
Step S603: generate a new security key from the terminal security key and the server security key according to a preset combination rule.
In this step, the terminal may, as described in step S503, apply the same combination rule as in step S503 to combine the server security key and the terminal security key and generate the new security key.
Because the new security key is generated by combining the terminal security key and the server security key, even if the server security key may be maliciously obtained and tampered with, the terminal security key is generated from the hardware attribute identifiers of the terminal itself. It is difficult for an attacker to determine which hardware attribute identifiers the terminal security key is generated from, so it is difficult for the attacker to obtain the terminal security key, and therefore difficult to obtain the unique security key that is finally generated.
Step S604: parse the local security policy configuration file with the new security key to obtain the security policy configuration, and perform a security check according to the security policy configuration.
The process by which the terminal parses the local security policy configuration file with the security key and performs a security check on itself according to the parsed security policy configuration may follow the prior art and is not described in detail in this application.
In the method of this embodiment for processing a local security policy configuration, the terminal generates the final unique security key from the server security key it has obtained and its own terminal security key, encrypts the security policy configuration with that unique security key, and generates and saves the local security policy configuration file. To parse the local security policy configuration, the terminal must again obtain the saved server security key, generate the terminal security key, and generate the new security key from the two; only with this new security key can the local security policy configuration file be parsed and the security policy configuration obtained. Even if the server security key is maliciously obtained by an attacker, it is difficult for the attacker to obtain the terminal security key and therefore difficult to obtain the final unique security key. This effectively prevents leakage of the security policy configuration, which would allow unsafe terminals to access the intranet, and effectively ensures the security of the intranet.
In addition, in this embodiment the server security key that the server returns to different terminals may be the same. Because the terminal security keys generated by different terminals are different, the new security key generated by combining the server security key with the terminal security key is still different for each terminal, even when the server security key is the same.
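An added sketch of steps S602 to S604, together with the encryption of step S505 that they reverse (example code, not taken from the patent). The patent does not specify the hardware attributes, the combination rule or the cipher, so the SHA-256 hash of the attributes, the HKDF-style combination and the HMAC-based encrypt-then-MAC sealing (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions, as are all names and sample values.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values (assumptions, not from the patent).
SERVER_KEY = bytes(range(32))  # the same server key is returned to both terminals
TERMINAL_A = {"board_serial": "SN-A-0001", "disk_serial": "DSK-A-77", "mac": "02:00:00:00:00:0a"}
TERMINAL_B = {"board_serial": "SN-B-0002", "disk_serial": "DSK-B-13", "mac": "02:00:00:00:00:0b"}
POLICY = {"antivirus_required": True, "min_patch_level": 42, "blocked_ports": [23, 445]}

def terminal_key(hw_attrs: dict) -> bytes:
    """S602: terminal security key from hardware attribute identifiers (assumed rule)."""
    canonical = json.dumps(hw_attrs, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"terminal-key\x00" + canonical).digest()

def derive_file_key(server_key: bytes, hw_attrs: dict) -> bytes:
    """S603: assumed combination rule, HKDF-SHA256 with a single output block."""
    prk = hmac.new(server_key, terminal_key(hw_attrs), hashlib.sha256).digest()
    return hmac.new(prk, b"local-policy-file\x01", hashlib.sha256).digest()

def _subkeys(key: bytes):
    # Separate keys for encryption and authentication.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal_policy(key: bytes, policy: dict) -> bytes:
    """S505: encrypt the policy configuration into the local policy file contents."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    plaintext = json.dumps(policy, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_policy(key: bytes, blob: bytes) -> dict:
    """S604: parse the local policy file; reject it if the key or the file is wrong."""
    if len(blob) < 48:
        raise ValueError("policy file too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("policy file does not verify under this key")
    plaintext = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(plaintext)

if __name__ == "__main__":
    blob = seal_policy(derive_file_key(SERVER_KEY, TERMINAL_A), POLICY)
    print(open_policy(derive_file_key(SERVER_KEY, TERMINAL_A), blob))
```

Hardware identifiers are readable by any code running on the terminal, so this binding protects a policy file or server key copied off the machine, not one attacked on the terminal itself.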
Corresponding to the foregoing embodiments of the method for processing a local security policy configuration, this application also provides embodiments of a device for processing a local security policy configuration.
The embodiments of the device for processing a local security policy configuration may be applied on a terminal. A device embodiment may be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed when the processor of the terminal where it resides reads the corresponding computer program instructions from non-volatile memory into memory and runs them. At the hardware level, Fig. 7 is a hardware structure diagram of the terminal where the device for processing a local security policy configuration resides. In addition to the processor 71, memory 72, network interface 73 and non-volatile memory 74 shown in Fig. 7, the terminal where the device resides may also include other hardware according to the actual functions of the terminal, which is not described further here.
Referring to Fig. 8, which is a block diagram of one embodiment of the device for processing a local security policy configuration, the device may include: an acquiring unit 81, an encryption unit 82 and a resolution unit 83.
The acquiring unit 81 may be used to obtain a unique security key, where "unique" means that the security keys corresponding to different terminals are different;
The encryption unit 82 may be used to encrypt the security policy configuration with the security key, and to generate and save a local security policy configuration file;
The resolution unit 83 may be used, when accessing the intranet, to parse the local security policy configuration file with the security key to obtain the security policy configuration, and to perform a security check according to the security policy configuration.
Referring to Fig. 9, which is a block diagram of another embodiment of the device for processing a local security policy configuration, the device shown in Fig. 9 is based on the device shown in Fig. 8 above, and the acquiring unit 81 may include: a first request subunit 811 and a first receiving subunit 812.
The first request subunit 811 may be used to request a security key from the server that generates the security policy configuration, so that the server generates a server security key, where the server security keys that the server generates for different terminals are different;
The first receiving subunit 812 may be used to receive the server security key returned by the server and to save the server security key as the unique security key.
The resolution unit 83 may include: a first obtaining subunit 831 and a first parsing subunit 832.
The first obtaining subunit 831 may be used to obtain the server security key;
The first parsing subunit 832 may be used to parse the local security policy configuration file with the server security key.
Referring to Fig. 10, which is a block diagram of another embodiment of the device for processing a local security policy configuration, the device shown in Fig. 9 is based on the device shown in Fig. 7 above, and the acquiring unit 81 may include: a second request subunit 813, a second receiving subunit 814, a first generating subunit 815 and a first combining subunit 816.
The second request subunit 813 may be used to request a security key from the server that generates the security policy configuration, so that the server generates a server security key;
The second receiving subunit 814 may be used to receive the server security key returned by the server;
The first generating subunit 815 may be used to generate a terminal security key according to the hardware attribute identifiers of the terminal;
The first combining subunit 816 may be used to generate a new security key from the terminal security key and the server security key according to a preset combination rule, and to use the new security key as the unique security key.
The resolution unit 83 may include: a second obtaining subunit 833, a second generating subunit 834, a second combining subunit 835 and a second parsing subunit 836.
The second obtaining subunit 833 may be used to obtain the server security key;
The second generating subunit 834 may be used to generate a terminal security key according to the hardware attribute identifiers of the terminal;
The second combining subunit 835 may be used to generate a new security key from the terminal security key and the server security key according to a preset rule;
The second parsing subunit 836 may be used to parse the local security policy configuration file with the new security key.
For the implementation of the functions and effects of each unit in the above device, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Because the device embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this application. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing describes only preferred embodiments of this application and is not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of this application shall fall within its scope of protection.

Claims (8)

1. A method for processing a local security policy configuration, characterized in that the method is applied on a terminal and comprises:
after the terminal passes identity authentication, obtaining a unique security key, where "unique" means that the security keys corresponding to different terminals are different, and wherein obtaining the unique security key comprises:
requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key, the server security keys that the server generates for different terminals being different;
receiving the server security key returned by the server, and saving the server security key as the unique security key;
encrypting the security policy configuration with the security key, and generating and saving a local security policy configuration file;
when accessing the intranet, parsing the local security policy configuration file with the security key to obtain the security policy configuration, and performing a security check according to the security policy configuration.
2. The method according to claim 1, characterized in that obtaining the unique security key comprises:
requesting a security key from the server that generates the security policy configuration, so that the server generates a server security key;
receiving the server security key returned by the server;
generating a terminal security key according to the hardware attribute identifiers of the terminal;
generating a new security key from the terminal security key and the server security key according to a preset combination rule, and using the new security key as the unique security key.
3. The method according to claim 1, characterized in that parsing the local security policy configuration file with the security key comprises:
obtaining the server security key;
parsing the local security policy configuration file with the server security key.
4. The method according to claim 2, characterized in that parsing the local security policy configuration file with the security key comprises:
obtaining the server security key;
generating a terminal security key according to the hardware attribute identifiers of the terminal;
generating a new security key from the terminal security key and the server security key according to a preset combination rule;
parsing the local security policy configuration file with the new security key.
5. A device for processing a local security policy configuration, characterized in that the device is applied on a terminal and comprises:
an acquiring unit, used to obtain a unique security key after the terminal passes identity authentication, where "unique" means that the security keys corresponding to different terminals are different, and wherein the acquiring unit comprises:
a first request subunit, used to request a security key from the server that generates the security policy configuration, so that the server generates a server security key, the server security keys that the server generates for different terminals being different;
a first receiving subunit, used to receive the server security key returned by the server and to save the server security key as the unique security key;
an encryption unit, used to encrypt the security policy configuration with the security key and to generate and save a local security policy configuration file;
a resolution unit, used, when accessing the intranet, to parse the local security policy configuration file with the security key to obtain the security policy configuration, and to perform a security check according to the security policy configuration.
6. The device according to claim 5, characterized in that the acquiring unit comprises:
a second request subunit, used to request a security key from the server that generates the security policy configuration, so that the server generates a server security key;
a second receiving subunit, used to receive the server security key returned by the server;
a first generating subunit, used to generate a terminal security key according to the hardware attribute identifiers of the terminal;
a first combining subunit, used to generate a new security key from the terminal security key and the server security key according to a preset combination rule, and to use the new security key as the unique security key.
7. The device according to claim 5, characterized in that the resolution unit comprises:
a first obtaining subunit, used to obtain the server security key;
a first parsing subunit, used to parse the local security policy configuration file with the server security key.
8. The device according to claim 6, characterized in that the resolution unit comprises:
a second obtaining subunit, used to obtain the server security key;
a second generating subunit, used to generate a terminal security key according to the hardware attribute identifiers of the terminal;
a second combining subunit, used to generate a new security key from the terminal security key and the server security key according to a preset rule;
a second parsing subunit, used to parse the local security policy configuration file with the new security key.
CN201610079813.3A 2016-02-04 2016-02-04 Handle the method and device of local security policy configuration Active CN105939330B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610079813.3A CN105939330B (en) 2016-02-04 2016-02-04 Handle the method and device of local security policy configuration

Publications (2)

Publication Number Publication Date
CN105939330A CN105939330A (en) 2016-09-14
CN105939330B true CN105939330B (en) 2019-07-09

Family

ID=57152925

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610079813.3A Active CN105939330B (en) 2016-02-04 2016-02-04 Handle the method and device of local security policy configuration

Country Status (1)

Country Link
CN (1) CN105939330B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

GR01 Patent grant