CN106790307A - Network safety managing method and server - Google Patents
Publication number: CN106790307A
Application number: CN201710192236.3A
Authority: CN (China)
Prior art keywords: authentication processing, processing file, hardware modules, authentication, request
Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a network security management method and a server. The method comprises: when a request to perform an authentication operation using an authentication processing file is detected, obtaining the authentication processing file; sending the authentication processing file to a trusted cryptographic hardware module so that the trusted cryptographic hardware module decrypts the authentication processing file; and performing the authentication operation using the decrypted authentication processing file. In the technical solution of the embodiments of the invention, the trusted cryptographic hardware module performs the encryption and decryption operations when the authentication processing file is used for authentication, thereby improving network security.
Description
Technical field
The present invention relates to the technical field of identity authentication protocols, and in particular to a network security management method and a server.
Background
Kerberos is an authentication protocol that allows entities communicating over an unsecured network to prove their identity to each other in a secure manner. Kerberos is typically used as the authentication mechanism in enterprise environments and is being deployed in provider networks that support new services. Kerberos is built on symmetric-key cryptography and typically requires a trusted third party.
Kerberos is the authentication protocol adopted by current mainstream big data clusters. During authentication it generates keytab files, which store the account and corresponding key of each principal (such as clients and servers) on the network. Big data cluster platforms manage keytab files through a file system such as that of unix (including user, group and other). That is, if an illegal user obtains access rights to a keytab file through the unix file system, that user can impersonate any principal in the cluster and complete authentication.
Summary of the invention
In view of this, the purpose of the embodiments of the invention is to provide a network security management method and a server that encrypt and decrypt the keytab file locally, so that an illegal user cannot be authenticated.
To achieve the above purpose, an embodiment of the invention provides a network security management method, comprising:
when a request to perform an authentication operation using an authentication processing file is detected, obtaining the authentication processing file;
sending the authentication processing file to a trusted cryptographic hardware module, so that the trusted cryptographic hardware module decrypts the authentication processing file;
performing the authentication operation using the decrypted authentication processing file.
Preferably, the method further comprises:
when the authentication processing file is generated, calling the trusted cryptographic hardware module to encrypt the authentication processing file.
Preferably, before the trusted cryptographic hardware module decrypts the authentication processing file, the method comprises:
verifying the processing permission of the request to obtain a first judgment result;
when the first judgment result shows that the request has the permission to perform the authentication operation, the trusted cryptographic hardware module decrypts the authentication processing file.
Preferably, the method comprises:
judging the access permission of the user who sent the request to obtain a second judgment result;
when the second judgment result shows that the user has access permission to the authentication processing file, the trusted cryptographic hardware module decrypts the authentication processing file.
Preferably, the authentication processing file includes rule information and/or key information of the authentication operation.
An embodiment of the invention also provides a network security management method, comprising:
receiving a request sent by a principal in the cluster;
according to the content of the request, sending to the principal an authentication processing file encrypted by a trusted cryptographic hardware module.
Preferably, in the method, the authentication processing file includes rule information and/or key information of the authentication operation.
An embodiment of the invention also provides a server, comprising:
a processor configured to, when a request to perform an authentication operation using an authentication processing file is detected, obtain the authentication processing file and send it to a trusted cryptographic hardware module;
a trusted cryptographic hardware module configured to decrypt the authentication processing file;
wherein the processor is further configured to perform the authentication operation using the decrypted authentication processing file.
Preferably, the processor is further configured to call the trusted cryptographic hardware module to encrypt the authentication processing file when the authentication processing file is generated.
Preferably, the processor is further configured to verify the processing permission of the request before the trusted cryptographic hardware module decrypts the authentication processing file, obtaining a first judgment result; when the first judgment result shows that the request has the permission to perform the authentication operation, the trusted cryptographic hardware module decrypts the authentication processing file.
According to the above embodiments, the invention achieves the following beneficial effect: in the technical solution of the embodiments of the invention, the trusted cryptographic hardware module performs the encryption and decryption operations when the authentication processing file is used for authentication, thereby improving network security.
Brief description of the drawings
Fig. 1 is a flowchart of embodiment one of the network security management method of the invention;
Fig. 2 is a schematic diagram of a scenario of the network security management method of the invention;
Fig. 3 is a flowchart of embodiment three of the network security management method of the invention;
Fig. 4 is a schematic diagram of embodiment one of the server of the invention.
Detailed description
Various aspects and features of the disclosure are described herein with reference to the drawings.
It should be understood that various modifications can be made to the embodiments disclosed herein. Therefore, the above description should not be regarded as limiting, but merely as examples of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the disclosure.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the disclosure and, together with the general description of the disclosure given above and the detailed description of the embodiments given below, serve to explain the principles of the disclosure.
These and other characteristics of the invention will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the drawings.
It should also be understood that, although the invention has been described with reference to some specific examples, those skilled in the art can certainly realize many other equivalent forms of the invention, which have the features set out in the claims and therefore all fall within the scope of protection defined thereby.
The above and other aspects, features and advantages of the disclosure will become more apparent in view of the following detailed description when read in conjunction with the drawings.
Specific embodiments of the disclosure are described below with reference to the drawings; it should be understood, however, that the disclosed embodiments are merely examples of the disclosure, which can be implemented in various ways. Well-known and/or repeated functions and structures are not described in detail, to avoid obscuring the disclosure with unnecessary or superfluous detail. Therefore, the specific structural and functional details disclosed herein are not intended to be limiting, but serve merely as a basis for the claims and as a representative basis for teaching those skilled in the art to variously employ the disclosure in substantially any appropriately detailed structure.
This specification may use the phrases "in one embodiment", "in another embodiment", "in yet another embodiment" or "in other embodiments", each of which may refer to one or more of the same or different embodiments according to the disclosure.
Current big data clusters all have permission management modules, and these modules all use mainstream databases to store the permission processing files of the principals in the cluster. The data security of these permission processing files is therefore very important. If a principal wants to log in to the database and authenticate by username and password, the username and password are usually stored in plaintext in the permission processing file; if a third party reads the permission processing file and then triggers illegal data access, network security is endangered. To solve this problem, the embodiments of the invention provide a network security management method and device. To allow a fuller understanding of the features and technical content of the invention, its implementation is described in detail below with reference to the drawings; the drawings are for reference and illustration only and are not intended to limit the invention.
Embodiment one
This embodiment provides a network security management method. Specifically, the method is applied to a big data cluster that contains multiple principals, where a principal can be a server and the principals can communicate with each other. When the principals of the current cluster communicate using a communication protocol, the communication protocol server in use issues an authentication processing file to each principal in order to authenticate the principal's identity and ensure network security. In this embodiment, when a request to perform an authentication operation using an authentication processing file is detected, the authentication processing file is obtained; the file is then sent to the trusted cryptographic hardware module so that the module decrypts it; and the authentication operation is performed using the decrypted file. Because the trusted cryptographic hardware module is located locally, even if an illegal user obtains the permission processing file, that user still cannot decrypt it and cannot use it to perform other operations. A principal therefore needs not only the permission to log in to the database but also the permission to operate on the permission processing file, which improves network security.
Fig. 1 is a flowchart of an embodiment of the network security management method of the invention. As shown in Fig. 1, the network security management method of this embodiment may specifically include the following steps:
S101: when a request to perform an authentication operation using an authentication processing file is detected, obtain the authentication processing file.
Specifically, to ensure the security of communication between the principals in the cluster, the principals must be authenticated through an authentication protocol when they communicate with each other. The executing entity of this embodiment can be any principal in the cluster.
The authentication processing file includes rule information and/or key information of the authentication operation.
S102: send the authentication processing file to the trusted cryptographic hardware module, so that the trusted cryptographic hardware module decrypts the authentication processing file.
Specifically, if a party that is not a legitimate principal of the cluster obtains the authentication processing file, it could use that file to access any principal and pass verification itself, thereby stealing the information of any principal. This embodiment therefore encrypts the authentication processing file with the trusted cryptographic hardware module. Because the trusted cryptographic hardware module is a hardware module located locally, encryption and decryption can only be carried out by the local hardware; even if a party that is not a legitimate principal of the cluster obtains the authentication processing file, it cannot decrypt it, which ensures network security.
The trusted cryptographic hardware module can be a Trusted Cryptography Module (TCM), a microcontroller that stores keys, passwords and digital certificates. It ensures the security of the data stored in the computer, which is then not exposed to the risk of external software attacks or physical theft.
S103: perform the authentication operation using the decrypted authentication processing file.
Specifically, if a principal can decrypt the authentication processing file, this shows that the principal has the permission to send requests to the server. The server can respond to the principal with the corresponding permission according to the content of the decrypted authentication processing file.
In one application scenario, as shown in Fig. 2, the authentication protocols commonly used in current mainstream big data clusters include the kerberos protocol. During kerberos protocol authentication, the kerberos protocol server (key distribution center, KDC) issues a keytab file to each principal; the keytab file stores the principal's information and the key generated from the kerberos protocol communication password. In a specific implementation, the keytab file can be in a script format so that it is easy to read. For example, take principal A and principal B in the cluster: principal B must pass kerberos protocol authentication before accessing principal A. Principal B first sends principal A a request for an authentication operation, carrying the keytab file that stores its information and key; principal A obtains the keytab file, performs the authentication operation and then sends a response.
In the technical solution of the embodiments of the invention, the trusted cryptographic hardware module performs the encryption and decryption operations when the authentication processing file is used for authentication, thereby improving network security.
Embodiment two
Based on the method described in embodiment one, this embodiment gives several specific ways of verifying a principal.
Mode one: when the communication protocol server issues the authentication processing file to a principal, the authentication processing file is encrypted. Specifically: when the authentication processing file is generated, the trusted cryptographic hardware module is called to encrypt the authentication processing file.
In one application scenario, for example, the communication protocol is the kerberos protocol. Because the authentication processing file, i.e. the keytab file, is generated and issued to the principal by the kerberos protocol server, the kerberos protocol server encrypts the authentication processing file at the moment it is generated, and all principals in the cluster follow this rule.
Mode two: before the trusted cryptographic hardware module decrypts the authentication processing file, the server also needs to verify the processing permission of the request that was sent. This specifically includes the following steps: A, verify the processing permission of the request to obtain a first judgment result; B, when the first judgment result shows that the request has the permission to perform the authentication operation, the trusted cryptographic hardware module decrypts the authentication processing file. That is, before verifying the authentication processing file, the principal that receives the verification request must first verify the processing permission of the request, because the request may have been sent to the wrong recipient. For example, principal B in the cluster sends a request for a verification operation intended for principal A, but the request is delivered to principal C; principal C has no permission to process the request and simply ignores it. If principal A receives the request, it performs the verification directly.
Mode three: the server also needs to judge the access permission of the user who sent the request. This specifically includes the following steps: C, judge the access permission of the user who sent the request to obtain a second judgment result; D, when the second judgment result shows that the user has access permission to the authentication processing file, the trusted cryptographic hardware module decrypts the authentication processing file. Here, the user who sent the request refers to the principal that sent the request.
For example, principal A in the cluster receives an authentication operation request sent by principal B and verifies the request. If it finds that principal B has no permission to access principal A, it ignores principal B's request; if principal B has the permission to access principal A, it calls the local trusted cryptographic hardware module (such as a TCM module) to decrypt the authentication processing file.
The authentication processing file includes rule information and/or key information of the authentication operation.
In the technical solution of the embodiments of the invention, when the authentication processing file is used for authentication, the permission of the principal that sent the request is also verified, and the permission to process the request is verified as well, improving network security from different aspects.
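The flow of steps S101 to S103 combined with the checks of modes two and three, as an added Python example that is not part of the patent. SimulatedTrustedModule is a software stand-in for the local trusted cryptographic hardware module (built from HMAC-SHA256 for illustration only); the class names, the JSON layout of the authentication processing file and the assumption that the issuing server and the verifying principal share one local module are all hypothetical.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


class SimulatedTrustedModule:
    """Software stand-in (assumption) for the local trusted hardware module.

    The key is generated inside the object and never returned, mirroring a
    key bound to local hardware. HMAC-SHA256 provides keystream and tag.
    """

    def __init__(self):
        self._key = os.urandom(32)

    def _stream(self, nonce, length):
        blocks = range((length + 31) // 32)
        return b"".join(
            hmac.new(self._key, b"enc" + nonce + i.to_bytes(4, "big"),
                     hashlib.sha256).digest() for i in blocks)[:length]

    def _tag(self, nonce, body):
        return hmac.new(self._key, b"mac" + nonce + body, hashlib.sha256).digest()

    def encrypt(self, plaintext):
        nonce = os.urandom(16)
        stream = self._stream(nonce, len(plaintext))
        body = bytes(p ^ k for p, k in zip(plaintext, stream))
        return nonce + body + self._tag(nonce, body)

    def decrypt(self, blob):
        if len(blob) < 48:
            raise ValueError("blob too short")
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(nonce, body)):
            raise ValueError("not encrypted by this module, or modified")
        stream = self._stream(nonce, len(body))
        return bytes(c ^ k for c, k in zip(body, stream))


@dataclass(frozen=True)
class AuthRequest:
    sender: str        # principal that sent the request
    addressed_to: str  # principal the request is intended for
    auth_file: bytes   # encrypted authentication processing file


class Principal:
    def __init__(self, name, module, allowed_senders):
        self.name = name
        self.module = module
        self.allowed_senders = set(allowed_senders)

    def handle(self, req):
        # Mode two: is this request ours to process (not misdelivered)?
        if req.addressed_to != self.name:
            return "ignored: request not for this principal"
        # Mode three: does the sending principal have access permission?
        if req.sender not in self.allowed_senders:
            return "ignored: sender has no access"
        # S102: only now is the local module asked to decrypt the file.
        try:
            record = json.loads(self.module.decrypt(req.auth_file))
        except ValueError:
            return "rejected: cannot decrypt"
        # S103: minimal stand-in for the authentication operation.
        if record.get("principal") != req.sender:
            return "rejected: file does not belong to sender"
        return "authenticated"


def issue_auth_file(module, principal):
    # Mode one: the file is encrypted at the moment it is generated.
    record = {"principal": principal, "key": os.urandom(16).hex()}
    return module.encrypt(json.dumps(record).encode())


def demo():
    # Constructed scenario: principals A, B, C, D and two separate hosts.
    cluster_module = SimulatedTrustedModule()
    other_host_module = SimulatedTrustedModule()
    a = Principal("A", cluster_module, allowed_senders={"B"})
    c = Principal("C", cluster_module, allowed_senders={"B"})
    a_elsewhere = Principal("A", other_host_module, allowed_senders={"B"})
    file_b = issue_auth_file(cluster_module, "B")
    file_d = issue_auth_file(cluster_module, "D")
    tampered = file_b[:20] + bytes([file_b[20] ^ 1]) + file_b[21:]
    return {
        "B to A": a.handle(AuthRequest("B", "A", file_b)),
        "misdelivered to C": c.handle(AuthRequest("B", "A", file_b)),
        "D to A": a.handle(AuthRequest("D", "A", file_d)),
        "copied file on another host": a_elsewhere.handle(AuthRequest("B", "A", file_b)),
        "modified file": a.handle(AuthRequest("B", "A", tampered)),
        "plaintext visible in file": b"principal" in file_b,
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Both permission checks run before the module is called, so a misdelivered or unauthorized request never causes a decryption, and a file copied to a host with a different module fails at the decrypt step.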
Embodiment three
This embodiment provides a network security management method. Specifically, the method is applied to a big data cluster that contains multiple principals, where a principal can be a server and the principals can communicate with each other. When the principals of the current cluster communicate using a communication protocol, the communication protocol server in use issues an authentication processing file to each principal in order to authenticate the principal's identity and ensure network security. In this embodiment, when a request to perform an authentication operation using an authentication processing file is detected, the authentication processing file is obtained; the file is then sent to the trusted cryptographic hardware module so that the module decrypts it; and the authentication operation is performed using the decrypted file. Because the trusted cryptographic hardware module is located locally, even if an illegal user obtains the permission processing file, that user still cannot decrypt it and cannot use it to perform other operations. A principal therefore needs not only the permission to log in to the database but also the permission to operate on the permission processing file, which improves network security.
Fig. 3 is a flowchart of embodiment three of the network security management method of the invention. As shown in Fig. 3, the network security management method of this embodiment may specifically include the following steps:
S301: receive a request sent by a principal in the cluster.
Specifically, the executing entity of this embodiment is the communication protocol server corresponding to the communication protocol used between the principals in the cluster. For example, if the principals communicate using the kerberos protocol, then when a principal connects to the kerberos protocol server, the kerberos protocol server receives the request sent by the principal.
S302: according to the content of the request, send to the principal an authentication processing file encrypted by the trusted cryptographic hardware module.
Specifically, the communication protocol server issues the authentication processing file to the principal according to the content of the principal's request. For example, a principal in the cluster uses the kerberos protocol to ensure the security of communication between principals in the cluster; once the principal has passed permission verification, the kerberos protocol server issues to it an authentication processing file (i.e. a keytab file) encrypted by the trusted cryptographic hardware module (such as a TCM module).
The authentication processing file includes rule information and/or key information of the authentication operation.
In one application scenario, the principals in the cluster communicate using the kerberos protocol. Before communication, the keytab file that the kerberos protocol server issues to a principal stores the principal's information and the key generated from the kerberos protocol communication password. In a specific implementation, the keytab file can be in a script format so that it is easy to read.
In the technical solution of the embodiments of the invention, the trusted cryptographic hardware module performs the encryption and decryption operations when the authentication processing file is used for authentication, thereby improving network security.
Embodiment four
This embodiment provides a server, which is a server in the cluster. For the principals in the cluster, to improve network security, communication between principals requires authentication using the authentication processing file. To improve network security, this embodiment encrypts the authentication processing file with the trusted cryptographic hardware module, and when the server receives a request for an authentication operation, it decrypts the authentication processing file. Because the trusted cryptographic hardware module is located locally, encryption and decryption take place locally; even if an illegal user obtains the permission processing file, that user cannot decrypt it, which improves network security. Further, as shown in Fig. 4, the server includes:
a processor 41 configured to, when a request to perform an authentication operation using an authentication processing file is detected, obtain the authentication processing file and send it to the trusted cryptographic hardware module;
a trusted cryptographic hardware module 42 configured to decrypt the authentication processing file;
wherein the processor 41 is further configured to perform the authentication operation using the decrypted authentication processing file.
In a specific embodiment, the processor 41 is further configured to call the trusted cryptographic hardware module to encrypt the authentication processing file when the authentication processing file is generated.
In another specific embodiment, the processor 41 is further configured to verify the processing permission of the request before the trusted cryptographic hardware module decrypts the authentication processing file, obtaining a first judgment result; when the first judgment result shows that the request has the permission to perform the authentication operation, the trusted cryptographic hardware module decrypts the authentication processing file.
In the technical solution of the embodiments of the invention, the trusted cryptographic hardware module performs the encryption and decryption operations when the authentication processing file is used for authentication, thereby improving network security.
In the several embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components can be combined or integrated into another system, or some features can be ignored or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed can be indirect coupling or communication connection between devices or units through some interfaces, and can be electrical, mechanical or in other forms.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they can be located in one place or distributed across multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the invention can all be integrated into one processing unit, each unit can serve separately as one unit, or two or more units can be integrated into one unit. The integrated unit can be implemented in the form of hardware, or in the form of hardware plus software functional units.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as a removable storage device, read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
Alternatively, if the integrated unit of the invention is implemented in the form of a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the invention in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which can be a personal computer, a server, a network device, etc.) to perform all or part of the methods of the embodiments of the invention. The storage medium includes various media that can store program code, such as a removable storage device, read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above are only specific embodiments of the invention, but the scope of protection of the invention is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Therefore, the scope of protection of the invention shall be determined by the scope of protection of the claims.
Claims (10)
1. A network safety managing method, comprising:
when a request to perform an authentication operation using an authentication processing file is detected, obtaining the authentication processing file;
sending the authentication processing file to a credible cryptographic hardware module, so that the credible cryptographic hardware module decrypts the authentication processing file; and
performing the authentication operation using the decrypted authentication processing file.
2. The method according to claim 1, further comprising:
when the authentication processing file is generated, calling the credible cryptographic hardware module to encrypt the authentication processing file.
3. The method according to claim 1, comprising, before the credible cryptographic hardware module decrypts the authentication processing file:
verifying the processing authority of the request to obtain a first judgment result;
when the first judgment result shows that the request has the permission to perform the authentication operation, the credible cryptographic hardware module decrypts the authentication processing file.
4. The method according to claim 3, comprising:
judging the access permission of the user who sent the request to obtain a second judgment result;
when the second judgment result shows that the user has access permission to the authentication processing file, the credible cryptographic hardware module decrypts the authentication processing file.
5. The method according to claim 1, wherein the authentication processing file includes rule information and/or key information of the authentication operation.
6. A network safety managing method, comprising:
receiving a request sent by a subject in a cluster;
according to the content of the request, sending to the subject an authentication processing file encrypted by a credible cryptographic hardware module.
7. The network safety managing method according to claim 6, wherein the authentication processing file includes rule information and/or key information of the authentication operation.
8. A server, comprising:
a processor, configured to obtain an authentication processing file when a request to perform an authentication operation using the authentication processing file is detected, and to send the authentication processing file to a credible cryptographic hardware module;
the credible cryptographic hardware module, configured to decrypt the authentication processing file;
wherein the processor is further configured to perform the authentication operation using the decrypted authentication processing file.
9. The server according to claim 8, wherein:
the processor is further configured to call the credible cryptographic hardware module to encrypt the authentication processing file when the authentication processing file is generated.
10. The server according to claim 8, wherein:
the processor is further configured to verify the processing authority of the request before the credible cryptographic hardware module decrypts the authentication processing file, obtaining a first judgment result; and when the first judgment result shows that the request has the permission to perform the authentication operation, the credible cryptographic hardware module decrypts the authentication processing file.
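The flow in claims 1 to 5, sketched as an added example that is not part of the patent text. `SoftModule` is a hypothetical software stand-in for the credible cryptographic hardware module (its HMAC-SHA256 keystream-and-tag construction is illustrative only), and the request fields, the ACL check and the challenge-response use of the key information are assumptions.

```python
import hashlib, hmac, json, os

class SoftModule:
    """Software stand-in for the hardware module: the sealing key stays inside."""
    def __init__(self):
        self._key = os.urandom(32)

    def _prf(self, label, data):
        return hmac.new(self._key, label + data, hashlib.sha256).digest()

    def _xor(self, nonce, data):
        # HMAC-SHA256 in counter mode as a keystream (illustrative construction).
        blocks = range((len(data) + 31) // 32)
        pad = b"".join(self._prf(b"enc", nonce + i.to_bytes(4, "big")) for i in blocks)
        return bytes(a ^ b for a, b in zip(data, pad))

    def encrypt(self, plaintext):
        nonce = os.urandom(16)
        ct = self._xor(nonce, plaintext)
        return nonce + ct + self._prf(b"mac", nonce + ct)

    def decrypt(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise ValueError("authentication processing file was modified")
        return self._xor(nonce, ct)

def create_auth_file(module, allowed_users, hmac_key):
    # Claims 2 and 5: the file holds rule and key information, sealed at creation.
    doc = {"allowed": allowed_users, "key": hmac_key.hex()}
    return module.encrypt(json.dumps(doc).encode())

def authenticate(module, blob, request, file_acl):
    # Claim 3: first judgment, may this request perform an authentication operation?
    if request["operation"] != "authenticate":
        raise PermissionError("request may not perform authentication")
    # Claim 4: second judgment, may this user access the file?
    if request["user"] not in file_acl:
        raise PermissionError("user may not access the file")
    doc = json.loads(module.decrypt(blob))  # claim 1: decrypt inside the module
    # Assumed use of the key information: verify an HMAC challenge-response.
    expected = hmac.new(bytes.fromhex(doc["key"]), request["challenge"], hashlib.sha256).digest()
    return request["user"] in doc["allowed"] and hmac.compare_digest(expected, request["response"])
```

Both permission checks run before the module is asked to decrypt, so a refused request never causes the plaintext rule and key information to appear in server memory.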
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710192236.3A CN106790307A (en) | 2017-03-28 | 2017-03-28 | Network safety managing method and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710192236.3A CN106790307A (en) | 2017-03-28 | 2017-03-28 | Network safety managing method and server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106790307A true CN106790307A (en) | 2017-05-31 |
Family
ID=58966747
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710192236.3A Pending CN106790307A (en) | 2017-03-28 | 2017-03-28 | Network safety managing method and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790307A (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1853397A (en) * | 2003-09-19 | 2006-10-25 | 皇家飞利浦电子股份有限公司 | Method for enhancing wireless LAN safety |
WO2007106851A2 (en) * | 2006-03-14 | 2007-09-20 | Document Atm Incorporated | Distributed access to valuable and sensitive documents and data |
CN101505400A (en) * | 2009-03-10 | 2009-08-12 | 深圳华为通信技术有限公司 | Bi-directional set-top box authentication method, system and related equipment |
CN101882115A (en) * | 2010-06-28 | 2010-11-10 | 上海北大方正科技电脑系统有限公司 | Encryption sharing method for mobile storage device |
CN101986325A (en) * | 2010-11-01 | 2011-03-16 | 山东超越数控电子有限公司 | Computer security access control system and method |
CN102025492A (en) * | 2009-09-10 | 2011-04-20 | 联想(北京)有限公司 | WEB server and data protection method thereof |
CN102236755A (en) * | 2011-05-04 | 2011-11-09 | 山东超越数控电子有限公司 | One-machine multi-user security access control method |
CN102457766A (en) * | 2010-10-18 | 2012-05-16 | Tcl集团股份有限公司 | Method for checking access authority of Internet protocol television |
CN104023012A (en) * | 2014-05-30 | 2014-09-03 | 北京金山网络科技有限公司 | Method, device and system for scheduling service in cluster |
CN104580250A (en) * | 2015-01-29 | 2015-04-29 | 成都卫士通信息产业股份有限公司 | System and method for authenticating credible identities on basis of safety chips |
CN106161359A (en) * | 2015-04-02 | 2016-11-23 | 阿里巴巴集团控股有限公司 | The method and device of certification user, the method and device of registration wearable device |
-
2017
- 2017-03-28 CN CN201710192236.3A patent/CN106790307A/en active Pending
Non-Patent Citations (3)
Title |
---|
刘建伟,李为宇,孙钰: "社交网络安全问题及其解决方案", 《中国科学技术大学学报》 * |
文远保,吴少鸿: "Intranet安全与防火墙技术研究", 《华中理工大学学报》 * |
朱树人,李伟琴: "一种基于RSA加密的身份认证系统", 《小型微型计算机系统》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6941146B2 (en) | Data security service | |
EP2020797B1 (en) | Client-server Opaque token passing apparatus and method | |
Lim et al. | Security issues and future challenges of cloud service authentication | |
US8788836B1 (en) | Method and apparatus for providing identity claim validation | |
CN110489996B (en) | Database data security management method and system | |
CN114513533A (en) | Classified and graded fitness and health big data sharing system and method | |
US20100153702A1 (en) | Tls key and cgi session id pairing | |
CN111783075A (en) | Authority management method, device and medium based on secret key and electronic equipment | |
CN109728903B (en) | Block chain weak center password authorization method using attribute password | |
CN102215221A (en) | Methods and systems for secure remote wake, boot, and login to a computer from a mobile device | |
EP3694142A1 (en) | Management and distribution of keys in distributed environments (ie cloud) | |
CN104767731A (en) | Identity authentication protection method of Restful mobile transaction system | |
EP2572489A1 (en) | System and method for protecting access to authentication systems | |
CN106936579A (en) | Cloud storage data storage and read method based on trusted third party agency | |
JP5992535B2 (en) | Apparatus and method for performing wireless ID provisioning | |
CN108737376A (en) | A kind of double factor authentication method and system based on fingerprint and digital certificate | |
CN104767766A (en) | Web Service interface verification method, Web Service server and client side | |
CN106992978B (en) | Network security management method and server | |
WO2021170049A1 (en) | Method and apparatus for recording access behavior | |
CN112261103A (en) | Node access method and related equipment | |
US11245684B2 (en) | User enrollment and authentication across providers having trusted authentication and identity management services | |
CN111538973A (en) | Personal authorization access control system based on state cryptographic algorithm | |
Suthar et al. | EncryScation: A novel framework for cloud iaas, daas security using encryption and obfuscation techniques | |
WO2023201040A1 (en) | Cryptographic signature delegation | |
CN106790307A (en) | Network safety managing method and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170531 |