CN106790307A - Network safety managing method and server - Google Patents

Publication number: CN106790307A
Authority: CN (China)
Prior art keywords: authentication processing; processing file; hardware modules; authentication; request
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710192236.3A
Other languages: Chinese (zh)
Inventor: 张奇伟
Current Assignee: Lenovo Beijing Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd
Priority to CN201710192236.3A
Publication of CN106790307A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a network security management method and server. The method includes: when a request to perform an authentication operation using an authentication processing file is detected, obtaining the authentication processing file; sending the authentication processing file to a trusted cryptographic hardware module so that the trusted cryptographic hardware module decrypts the authentication processing file; and performing the authentication operation using the decrypted authentication processing file. In the technical solution of the embodiments of the invention, the trusted cryptographic hardware module performs the encryption and decryption when the authentication processing file is used for authentication, thereby improving the security of the network.

Description

Network safety managing method and server
Technical field
The present invention relates to the technical field of identity authentication protocols, and in particular to a network security management method and server.
Background
Kerberos is an authentication protocol that allows entities communicating over an unsecured network to prove their identities to each other in a secure manner. Kerberos is typically used as the authentication mechanism in enterprise environments and is being deployed in provider networks to support new services. Kerberos is built on symmetric-key cryptography and typically requires a trusted third party.
Kerberos is the mainstream authentication protocol for today's big data clusters. During authentication it generates a keytab file that stores the account and corresponding key of each principal (such as a client or a server) on the network. On a big data cluster platform, for example one running Unix, management of the keytab file is implemented through the file system's permissions (user, group and other). That is, if an unauthorized user obtains access rights to the keytab file through the Unix file system, that user can impersonate any principal in the cluster and complete authentication.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to provide a network security management method and server that encrypt and decrypt the keytab file locally, thereby ensuring that an unauthorized user cannot authenticate.
To achieve the above purpose, an embodiment of the present invention provides a network security management method, including:
When a request to perform an authentication operation using an authentication processing file is detected, obtaining the authentication processing file;
Sending the authentication processing file to a trusted cryptographic hardware module, so that the trusted cryptographic hardware module decrypts the authentication processing file;
Performing the authentication operation using the decrypted authentication processing file.
Preferably, the method further includes:
When the authentication processing file is generated, calling the trusted cryptographic hardware module to encrypt the authentication processing file.
Preferably, before the trusted cryptographic hardware module decrypts the authentication processing file, the method includes:
Verifying the processing permission of the request to obtain a first judgment result;
When the first judgment result shows that the request has the right to perform the authentication operation, the trusted cryptographic hardware module decrypts the authentication processing file.
Preferably, the method includes:
Judging the access rights of the user who sent the request to obtain a second judgment result;
When the second judgment result shows that the user has access rights to the authentication processing file, the trusted cryptographic hardware module decrypts the authentication processing file.
Preferably, the authentication processing file includes rule information and/or key information for the authentication operation.
An embodiment of the present invention also provides a network security management method, the method including:
Receiving a request sent by a principal in a cluster;
According to the content of the request, sending to the principal an authentication processing file that has been encrypted by a trusted cryptographic hardware module.
Preferably, in the method:
The authentication processing file includes rule information and/or key information for the authentication operation.
An embodiment of the present invention also provides a server, including:
A processor, configured to obtain the authentication processing file when a request to perform an authentication operation using the authentication processing file is detected, and to send the authentication processing file to a trusted cryptographic hardware module;
A trusted cryptographic hardware module, configured to decrypt the authentication processing file;
Wherein the processor is further configured to perform the authentication operation using the decrypted authentication processing file.
Preferably, in the server:
The processor is further configured to call the trusted cryptographic hardware module to encrypt the authentication processing file when the authentication processing file is generated.
Preferably, in the server:
The processor is further configured to verify the processing permission of the request before the trusted cryptographic hardware module decrypts the authentication processing file, obtaining a first judgment result; when the first judgment result shows that the request has the right to perform the authentication operation, the trusted cryptographic hardware module decrypts the authentication processing file.
According to the above embodiments, the present invention achieves the following beneficial effect: in the technical solution of the embodiments of the invention, the trusted cryptographic hardware module performs the encryption and decryption when the authentication processing file is used for authentication, thereby improving the security of the network.
Brief description of the drawings
Fig. 1 is a flowchart of embodiment one of the network security management method of the present invention;
Fig. 2 is a schematic diagram of a scenario of the network security management method of the present invention;
Fig. 3 is a flowchart of embodiment three of the network security management method of the present invention;
Fig. 4 is a schematic diagram of embodiment one of the server of the present invention.
Detailed description
Various aspects and features of the present disclosure are described herein with reference to the accompanying drawings.
It should be understood that various modifications can be made to the embodiments disclosed herein. Therefore, the above description should not be regarded as limiting, but merely as examples of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the present disclosure.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and, together with the general description of the disclosure given above and the detailed description of the embodiments given below, serve to explain the principles of the disclosure.
These and other characteristics of the present invention will become apparent from the following description of preferred forms of embodiments, given as non-limiting examples, with reference to the accompanying drawings.
It should also be understood that, although the invention has been described with reference to some specific examples, those skilled in the art will certainly be able to realize many other equivalent forms of the invention, which have the features set forth in the claims and therefore all fall within the scope of protection defined thereby.
The above and other aspects, features and advantages of the present disclosure will become more apparent in view of the following detailed description when read in conjunction with the accompanying drawings.
Specific embodiments of the present disclosure are described hereinafter with reference to the accompanying drawings; however, it should be understood that the disclosed embodiments are merely examples of the disclosure, which can be implemented in various ways. Well-known and/or repeated functions and structures are not described in detail, to avoid obscuring the disclosure with unnecessary or superfluous detail. Therefore, the specific structural and functional details disclosed herein are not intended to be limiting, but serve merely as a basis for the claims and as a representative basis for teaching those skilled in the art to variously employ the disclosure in virtually any appropriately detailed structure.
This specification may use the phrases "in one embodiment", "in another embodiment", "in yet another embodiment" or "in other embodiments", each of which may refer to one or more of the same or different embodiments according to the disclosure.
Current big data clusters all have permission management modules, and these modules all use a mainstream database to store the permission processing files of the principals in the cluster. The data security of those permission processing files therefore becomes very important. If a principal wants to authenticate to the database by user name and password, the user name and password are usually stored in the permission processing file in plaintext; if a third party reads the permission processing file, illegal data access follows, which endangers network security. To solve the above problem, the embodiments of the present invention provide a network security management method and device. Further, so that the features and technical content of the invention can be understood more fully, its implementation is described in detail below with reference to the accompanying drawings; the drawings are provided for reference and illustration only and are not intended to limit the invention.
Embodiment one
This embodiment provides a network security management method. Specifically, the method is applied to a big data cluster that contains multiple principals, where a principal may be a server and the principals can communicate with one another. When the principals of the current cluster communicate using a communication protocol, the communication protocol server issues an authentication processing file to each principal to ensure safety; the file is used to authenticate the principal's identity and so ensures the security of the network. In this embodiment, when the server detects a request to perform an authentication operation using an authentication processing file, it obtains the authentication processing file, then sends it to the trusted cryptographic hardware module so that the module decrypts it, and performs the authentication operation using the decrypted file. Because the trusted cryptographic hardware module is local, an unauthorized user who obtains the permission processing file still cannot decrypt it and cannot use it for other operations. A principal therefore needs not only the permission to log in to the database but also the permission to operate on the permission processing file, which improves the security of the network.
Fig. 1 is a flowchart of an embodiment of the network security management method of the present invention. As shown in Fig. 1, the network security management method of this embodiment may specifically include the following steps:
S101: when a request to perform an authentication operation using an authentication processing file is detected, obtain the authentication processing file.
Specifically, to ensure the security of communication between the principals in the cluster, principals must be authenticated through an authentication protocol when they communicate with each other. The executing entity of this embodiment can be any principal in the cluster.
The authentication processing file includes rule information and/or key information for the authentication operation.
S102: send the authentication processing file to the trusted cryptographic hardware module, so that the trusted cryptographic hardware module decrypts the authentication processing file.
Specifically, if an entity that is not a legitimate principal of the cluster obtains the authentication processing file, it could use the file to access any principal and get itself authenticated, and so steal that principal's information. This embodiment therefore encrypts the authentication processing file with the trusted cryptographic hardware module. Because the module is a hardware module installed locally, encryption and decryption can be carried out only by the local hardware; even if an entity that is not a legitimate principal of the cluster obtains the authentication processing file, it cannot decrypt it, which ensures the security of the network.
The trusted cryptographic hardware module can be a Trusted Cryptography Module (TCM), a microcontroller that stores keys, passwords and digital certificates. It ensures the security of the data stored in the computer, protecting it from the risk of external software attack or physical theft.
S103: perform the authentication operation using the decrypted authentication processing file.
Specifically, if a principal can decrypt the authentication processing file, this shows that the principal has the permission to send requests to the server. The server can respond to the principal with the corresponding permissions according to the content of the decrypted authentication processing file.
In one application scenario, as shown in Fig. 2, the authentication protocols commonly used in mainstream big data clusters include the Kerberos protocol. During Kerberos authentication, the Kerberos protocol server (key distribution center, KDC) issues a keytab file to each principal; the keytab file stores the principal's information and the key generated from the Kerberos communication password. In a specific implementation, the keytab file may be in a script format, which makes it easy to read. For example, take principal A and principal B in the cluster: principal B must be authenticated through the Kerberos protocol before accessing principal A. Principal B first sends principal A a request to perform the authentication operation, carrying the keytab file that stores B's information and key; principal A obtains the keytab file, performs the authentication operation, and then sends a response.
In the technical solution of this embodiment, the trusted cryptographic hardware module performs the encryption and decryption when the authentication processing file is used for authentication, thereby improving the security of the network.
Embodiment two
Based on the method described in embodiment one, this embodiment gives several specific ways of verifying a principal.
Mode one: when the communication protocol server issues the authentication processing file to a principal, the file is encrypted. Specifically, when the authentication processing file is generated, the trusted cryptographic hardware module is called to encrypt it.
In one application scenario, for example, the communication protocol is Kerberos. Because the authentication processing file, i.e. the keytab file, is generated by the Kerberos protocol server and issued to the principal, the Kerberos protocol server encrypts the authentication processing file at the moment it is generated, and all principals in the cluster follow this rule.
Mode two: before the trusted cryptographic hardware module decrypts the authentication processing file, the server also needs to verify the processing permission of the request that was sent. This specifically includes the following steps: A, verify the processing permission of the request to obtain a first judgment result; B, when the first judgment result shows that the request has the right to perform the authentication operation, the trusted cryptographic hardware module decrypts the authentication processing file. That is, before verifying the authentication processing file, the principal that receives the verification request must first verify the processing permission of the request, because the request may have been sent to the wrong recipient. For example, principal B in the cluster intends a verification request for principal A, but the request is sent to principal C instead; principal C has no permission to process the request and simply ignores it. If principal A receives the request, it performs the verification directly.
Mode three: the server also needs to judge the access rights of the user who sent the request. This specifically includes the following steps: C, judge the access rights of the user who sent the request to obtain a second judgment result; D, when the second judgment result shows that the user has access rights to the authentication processing file, the trusted cryptographic hardware module decrypts the authentication processing file. Here, the user who sent the request means the principal that sent the request, as in the following example.
For example, principal A in the cluster receives an authentication operation request sent by principal B and verifies the request. If it finds that principal B has no permission to access principal A, it ignores principal B's request; if principal B does have permission to access principal A, it calls the local trusted cryptographic hardware module (such as a TCM module) to decrypt the authentication processing file.
The authentication processing file includes rule information and/or key information for the authentication operation.
In the technical solution of this embodiment, when the authentication processing file is used for authentication, the permissions of the principal that sent the request are verified, and the permission to process the request is verified as well, improving the security of the network from several angles.
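The flow of embodiments one and two, sketched as an added example that is not part of the patent: a keytab is sealed when it is generated, a request is checked for processing permission (mode two) and sender access rights (mode three) before the module is asked to decrypt, and a copy of the sealed file is useless on a host with a different module. SoftTrustedModule, Server and run_demo are hypothetical names; the module is a software stand-in for a TCM, its cipher is an illustrative SHA-256 keystream with an HMAC tag, and the HMAC proof stands in for the Kerberos exchange.

```python
import hashlib
import hmac
import secrets


class SoftTrustedModule:
    """Software stand-in for a host-local trusted module (hypothetical class).

    A real module keeps its key in hardware; a random per-instance key plays
    that role here. The cipher is illustrative only and was chosen so the
    example needs no third-party package.
    """

    def __init__(self):
        self._key = secrets.token_bytes(32)   # never exported
        self.unseal_calls = 0                 # shows when decryption was attempted

    def _subkey(self, label):
        return hmac.new(self._key, label, hashlib.sha256).digest()

    def _xor_stream(self, nonce, data):
        enc_key, out = self._subkey(b"enc"), bytearray()
        for i in range(0, len(data), 32):
            block = hmac.new(enc_key, nonce + i.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
        return bytes(out)

    def seal(self, plaintext):
        nonce = secrets.token_bytes(16)
        body = nonce + self._xor_stream(nonce, plaintext)
        return body + hmac.new(self._subkey(b"mac"), body, hashlib.sha256).digest()

    def unseal(self, blob):
        self.unseal_calls += 1
        if len(blob) < 48:                    # 16-byte nonce + 32-byte tag
            raise ValueError("blob too short")
        body, tag = blob[:-32], blob[-32:]
        expected = hmac.new(self._subkey(b"mac"), body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("blob was not sealed by this module")
        return self._xor_stream(body[:16], body[16:])


class Server:
    """A principal that holds a sealed keytab and a local module."""

    def __init__(self, name, module, sealed_keytab, allowed_senders):
        self.name = name
        self.module = module
        self.sealed_keytab = sealed_keytab
        self.allowed_senders = set(allowed_senders)

    def handle(self, request):
        # Mode two: is this principal entitled to process the request at all?
        if request["target"] != self.name:
            return "ignored: not entitled to process this request"
        # Mode three: does the sending principal have access rights here?
        if request["sender"] not in self.allowed_senders:
            return "ignored: sender has no access right"
        # Only now is the trusted module asked to decrypt (S102).
        try:
            keytab = self.module.unseal(self.sealed_keytab)
        except ValueError:
            return "rejected: keytab cannot be decrypted on this host"
        _principal, key_hex = keytab.decode().split("\n")
        # S103: authenticate with the decrypted key (HMAC proof is an assumption).
        expected = hmac.new(bytes.fromhex(key_hex), request["nonce"],
                            hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, request["proof"])
        return "authenticated" if ok else "rejected: bad proof"


def run_demo():
    key = secrets.token_bytes(32)                      # constructed sample key
    keytab = ("svc-a@EXAMPLE.TEST\n" + key.hex()).encode()
    module_a, module_b = SoftTrustedModule(), SoftTrustedModule()
    sealed = module_a.seal(keytab)                     # mode one: sealed at generation
    host_a = Server("svc-a", module_a, sealed, {"svc-b"})
    other_host = Server("svc-a", module_b, sealed, {"svc-b"})  # copied file, other module

    def req(sender, target):
        nonce = secrets.token_bytes(16)
        return {"sender": sender, "target": target, "nonce": nonce,
                "proof": hmac.new(key, nonce, hashlib.sha256).digest()}

    results = {
        "misdelivered": host_a.handle(req("svc-b", "svc-c")),
        "no_access": host_a.handle(req("svc-x", "svc-a")),
    }
    results["unseals_before_valid"] = module_a.unseal_calls
    results["valid"] = host_a.handle(req("svc-b", "svc-a"))
    results["copied_file"] = other_host.handle(req("svc-b", "svc-a"))
    results["key_visible_in_blob"] = key.hex().encode() in sealed
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, "->", outcome)
```

The unseal counter stays at zero for the two ignored requests, which is the point of ordering the permission checks before the decryption call.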
Embodiment three
This embodiment provides a network security management method. Specifically, the method is applied to a big data cluster that contains multiple principals, where a principal may be a server and the principals can communicate with one another. When the principals of the current cluster communicate using a communication protocol, the communication protocol server issues an authentication processing file to each principal to ensure safety; the file is used to authenticate the principal's identity and so ensures the security of the network. In this embodiment, when the server detects a request to perform an authentication operation using an authentication processing file, it obtains the authentication processing file, then sends it to the trusted cryptographic hardware module so that the module decrypts it, and performs the authentication operation using the decrypted file. Because the trusted cryptographic hardware module is local, an unauthorized user who obtains the permission processing file still cannot decrypt it and cannot use it for other operations. A principal therefore needs not only the permission to log in to the database but also the permission to operate on the permission processing file, which improves the security of the network.
Fig. 3 is a flowchart of embodiment three of the network security management method of the present invention. As shown in Fig. 3, the network security management method of this embodiment may specifically include the following steps:
S301: receive a request sent by a principal in the cluster.
Specifically, the executing entity of this embodiment is the communication protocol server corresponding to the communication protocol used for communication between principals in the cluster. For example, if the principals communicate using the Kerberos protocol, then when a principal connects to the Kerberos protocol server during communication, the Kerberos protocol server receives the request sent by the principal.
S302: according to the content of the request, send to the principal the authentication processing file encrypted by the trusted cryptographic hardware module.
Specifically, the communication protocol server issues the authentication processing file to the principal according to the content of the principal's request. For example, a principal in the cluster uses the Kerberos protocol to ensure the security of communication between principals in the cluster; once the principal has passed permission verification, the Kerberos protocol server issues to it the authentication processing file (i.e. the keytab file) encrypted by the trusted cryptographic hardware module (such as a TCM module).
The authentication processing file includes rule information and/or key information for the authentication operation.
In one application scenario, the principals in the cluster communicate using the Kerberos protocol. Before communication, the keytab file that the Kerberos protocol server issues to a principal stores the principal's information and the key generated from the Kerberos communication password. In a specific implementation, the keytab file may be in a script format, which makes it easy to read.
In the technical solution of this embodiment, the trusted cryptographic hardware module performs the encryption and decryption when the authentication processing file is used for authentication, thereby improving the security of the network.
Embodiment four
This embodiment provides a server, which is a server in the cluster. For the principals in the cluster, communication between principals requires authentication with an authentication processing file in order to improve the security of the network. To improve network security, this embodiment encrypts the authentication processing file with a trusted cryptographic hardware module and decrypts it when the server receives an authentication operation request. Because the trusted cryptographic hardware module is local, encryption and decryption take place locally; even if an unauthorized user obtains the permission processing file, the user cannot decrypt it, which improves the security of the network. Further, as shown in Fig. 4, the server includes:
A processor 41, configured to obtain the authentication processing file when a request to perform an authentication operation using the authentication processing file is detected, and to send the authentication processing file to the trusted cryptographic hardware module;
A trusted cryptographic hardware module 42, configured to decrypt the authentication processing file;
Wherein the processor 41 is further configured to perform the authentication operation using the decrypted authentication processing file.
In a specific embodiment, the processor 41 is further configured to call the trusted cryptographic hardware module to encrypt the authentication processing file when the authentication processing file is generated.
In another specific embodiment, the processor 41 is further configured to verify the processing permission of the request before the trusted cryptographic hardware module decrypts the authentication processing file, obtaining a first judgment result; when the first judgment result shows that the request has the right to perform the authentication operation, the trusted cryptographic hardware module decrypts the authentication processing file.
In the technical solution of this embodiment, the trusted cryptographic hardware module performs the encryption and decryption when the authentication processing file is used for authentication, thereby improving the security of the network.
In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function; other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be indirect coupling or communication connection between devices or units through some interfaces, and may be electrical, mechanical or of other forms.
The units described above as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may all be integrated into one processing unit, each unit may serve individually as a unit, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as a removable storage device, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Alternatively, if the integrated unit of the present invention is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a removable storage device, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (10)

1. A network safety managing method, comprising:
when a request to perform an authentication operation using an authentication processing file is detected, obtaining the authentication processing file;
sending the authentication processing file to a credible cryptographic hardware module, so that the credible cryptographic hardware module decrypts the authentication processing file; and
performing the authentication operation using the decrypted authentication processing file.
2. The method according to claim 1, further comprising:
when the authentication processing file is generated, calling the credible cryptographic hardware module to encrypt the authentication processing file.
3. The method according to claim 1, comprising, before the credible cryptographic hardware module decrypts the authentication processing file:
verifying the processing authority of the request to obtain a first judgment result; and
when the first judgment result shows that the request has the authority to perform the authentication operation, the credible cryptographic hardware module decrypts the authentication processing file.
4. The method according to claim 3, comprising:
judging the access right of the user who sent the request to obtain a second judgment result; and
when the second judgment result shows that the user has the right to access the authentication processing file, the credible cryptographic hardware module decrypts the authentication processing file.
5. The method according to claim 1, wherein the authentication processing file includes rule information and/or key information of the authentication operation.
6. A network safety managing method, comprising:
receiving a request sent by a main body in a cluster; and
according to the content of the request, sending to the main body an authentication processing file encrypted by a credible cryptographic hardware module.
7. The network safety managing method according to claim 6, wherein
the authentication processing file includes rule information and/or key information of the authentication operation.
8. A server, comprising:
a processor, configured to obtain an authentication processing file when a request to perform an authentication operation using the authentication processing file is detected, and to send the authentication processing file to a credible cryptographic hardware module; and
the credible cryptographic hardware module, configured to decrypt the authentication processing file;
wherein the processor is further configured to perform the authentication operation using the decrypted authentication processing file.
9. The server according to claim 8, wherein
the processor is further configured to call the credible cryptographic hardware module to encrypt the authentication processing file when the authentication processing file is generated.
10. The server according to claim 8, wherein
the processor is further configured to verify the processing authority of the request before the credible cryptographic hardware module decrypts the authentication processing file, to obtain a first judgment result, and, when the first judgment result shows that the request has the authority to perform the authentication operation, the credible cryptographic hardware module decrypts the authentication processing file.
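The flow of claims 1 to 5, sketched as an added Python example that is not part of the patent text: the file is sealed when generated, and it is decrypted only after the request's authority and the user's access right have both been checked. `MockCryptoModule` is a software stand-in for the credible cryptographic hardware module, and the class names, the caller and user lists and the sample file contents are assumptions constructed for illustration.

```python
import hashlib, hmac, json, os

class MockCryptoModule:
    """Software stand-in (assumption) for the hardware module; the key stays inside."""
    def __init__(self):
        self._key = os.urandom(32)

    def _prf(self, label, data):
        return hmac.new(self._key, label + data, hashlib.sha256).digest()

    def _xor(self, nonce, data):
        # Toy HMAC-SHA256 counter keystream, used only so the example runs offline.
        blocks = (len(data) + 31) // 32
        stream = b"".join(self._prf(b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, plaintext):            # claim 2: called when the file is generated
        nonce = os.urandom(16)
        ct = self._xor(nonce, plaintext)
        return nonce + ct + self._prf(b"mac", nonce + ct)

    def decrypt(self, blob):                 # claim 1: decryption happens in the module
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if len(blob) < 48 or not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise ValueError("authentication processing file was modified")
        return self._xor(nonce, ct)

class AuthServer:
    def __init__(self, module, sealed_file, authorized_callers, file_acl):
        self.module, self.sealed_file = module, sealed_file
        self.authorized_callers, self.file_acl = authorized_callers, file_acl
        self.decrypt_calls = 0

    def authenticate(self, caller, user, presented_key):
        # Claim 3: check the request's authority before anything is decrypted.
        if caller not in self.authorized_callers:
            raise PermissionError("request may not perform the authentication operation")
        # Claim 4: check the requesting user's access right to the file.
        if user not in self.file_acl:
            raise PermissionError("user may not access the authentication processing file")
        self.decrypt_calls += 1
        auth_file = json.loads(self.module.decrypt(self.sealed_file))
        expected = auth_file["keys"].get(user, "")   # claim 5: key information
        return hmac.compare_digest(expected.encode(), presented_key.encode())

def build_demo():
    # Constructed sample file: rule information plus one user's key information.
    module = MockCryptoModule()
    plain = json.dumps({"rules": {"scheme": "shared-key"}, "keys": {"node-a": "k-7f3a"}})
    sealed = module.encrypt(plain.encode())
    return AuthServer(module, sealed, {"login-service"}, {"node-a"}), sealed
```

The `decrypt_calls` counter makes the ordering observable: a request rejected by either check never reaches the module, so the plaintext rules and keys are never produced for it.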
CN201710192236.3A 2017-03-28 2017-03-28 Network safety managing method and server Pending CN106790307A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710192236.3A CN106790307A (en) 2017-03-28 2017-03-28 Network safety managing method and server

Publications (1)

Publication Number Publication Date
CN106790307A true CN106790307A (en) 2017-05-31

Family

ID=58966747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710192236.3A Pending CN106790307A (en) 2017-03-28 2017-03-28 Network safety managing method and server

Country Status (1)

Country Link
CN (1) CN106790307A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1853397A (en) * 2003-09-19 2006-10-25 皇家飞利浦电子股份有限公司 Method for enhancing wireless LAN safety
WO2007106851A2 (en) * 2006-03-14 2007-09-20 Document Atm Incorporated Distributed access to valuable and sensitive documents and data
CN101505400A (en) * 2009-03-10 2009-08-12 深圳华为通信技术有限公司 Bi-directional set-top box authentication method, system and related equipment
CN101882115A (en) * 2010-06-28 2010-11-10 上海北大方正科技电脑系统有限公司 Encryption sharing method for mobile storage device
CN101986325A (en) * 2010-11-01 2011-03-16 山东超越数控电子有限公司 Computer security access control system and method
CN102025492A (en) * 2009-09-10 2011-04-20 联想(北京)有限公司 WEB server and data protection method thereof
CN102236755A (en) * 2011-05-04 2011-11-09 山东超越数控电子有限公司 One-machine multi-user security access control method
CN102457766A (en) * 2010-10-18 2012-05-16 Tcl集团股份有限公司 Method for checking access authority of Internet protocol television
CN104023012A (en) * 2014-05-30 2014-09-03 北京金山网络科技有限公司 Method, device and system for scheduling service in cluster
CN104580250A (en) * 2015-01-29 2015-04-29 成都卫士通信息产业股份有限公司 System and method for authenticating credible identities on basis of safety chips
CN106161359A (en) * 2015-04-02 2016-11-23 阿里巴巴集团控股有限公司 The method and device of certification user, the method and device of registration wearable device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
刘建伟,李为宇,孙钰: "社交网络安全问题及其解决方案", 《中国科学技术大学学报》 *
文远保,吴少鸿: "Intranet安全与防火墙技术研究", 《华中理工大学学报》 *
朱树人,李伟琴: "一种基于RSA加密的身份认证系统", 《小型微型计算机系统》 *

Similar Documents

Publication Publication Date Title
JP6941146B2 (en) Data security service
EP2020797B1 (en) Client-server Opaque token passing apparatus and method
Lim et al. Security issues and future challenges of cloud service authentication
US8788836B1 (en) Method and apparatus for providing identity claim validation
CN110489996B (en) Database data security management method and system
CN114513533A (en) Classified and graded fitness and health big data sharing system and method
US20100153702A1 (en) Tls key and cgi session id pairing
CN111783075A (en) Authority management method, device and medium based on secret key and electronic equipment
CN109728903B (en) Block chain weak center password authorization method using attribute password
CN102215221A (en) Methods and systems for secure remote wake, boot, and login to a computer from a mobile device
EP3694142A1 (en) Management and distribution of keys in distributed environments (ie cloud)
CN104767731A (en) Identity authentication protection method of Restful mobile transaction system
EP2572489A1 (en) System and method for protecting access to authentication systems
CN106936579A (en) Cloud storage data storage and read method based on trusted third party agency
JP5992535B2 (en) Apparatus and method for performing wireless ID provisioning
CN108737376A (en) A kind of double factor authentication method and system based on fingerprint and digital certificate
CN104767766A (en) Web Service interface verification method, Web Service server and client side
CN106992978B (en) Network security management method and server
WO2021170049A1 (en) Method and apparatus for recording access behavior
CN112261103A (en) Node access method and related equipment
US11245684B2 (en) User enrollment and authentication across providers having trusted authentication and identity management services
CN111538973A (en) Personal authorization access control system based on state cryptographic algorithm
Suthar et al. EncryScation: A novel framework for cloud iaas, daas security using encryption and obfuscation techniques
WO2023201040A1 (en) Cryptographic signature delegation
CN106790307A (en) Network safety managing method and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531
