CN108011873A - Illegal connection determination method based on set covering - Google Patents
Illegal connection determination method based on set covering
- Publication number
- CN108011873A (application CN201711215980.7A)
- Authority
- CN
- China
- Prior art keywords
- client
- server
- terminal
- message
- legal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L63/00 Network architectures or network communication protocols for network security (H, Electricity; H04, Electric communication technique; H04L, Transmission of digital information)
  - H04L63/0823 Authentication of entities using certificates
  - H04L63/0876 Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
  - H04L63/101 Controlling access to devices or network resources: access control lists [ACL]
  - H04L63/123 Verification of received data contents, e.g. message integrity
  - H04L63/162 Implementing security features at the data link layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an illegal connection determination method based on set covering, comprising the following steps. Step 1: a server and multiple clients are established, each client storing registration information that corresponds one-to-one with that client's own information. Step 2: a client sends an authentication request to the server, and the server compares the client's registration information with a legal terminal list. Step 3: a legitimate client receives the legal terminal list; when it receives a communication request from another client, it identifies the registration information of the requesting client and determines whether that registration information exists in the legal terminal list. The invention sends the legal terminal list to every legitimate client when the communication environment is established, so that the server does not have to perform identification separately again; the determination method is convenient and fast, shares the identification work among the clients, reduces the server's workload and improves efficiency.
Description
Technical field
The invention relates to the technical field of data connection, and in particular to an illegal connection determination method based on set covering.
Background technology
Illegal connections are currently a principal cause of security risks such as data leakage, in particular illegal outbound connections, in which a machine on which a client is installed accesses an external network without approval.
Traditional methods of determining connection legitimacy mostly rely on the server identifying the identity of each of the multiple clients independently, thereby ensuring the legitimacy of every client's identity. However, when a data connection is established between an illegal device and a client, the server cannot identify the illegal device in time; the illegal device can steal the information stored on the client and can even obtain, through the client, data stored on the server, which causes information leakage to some extent.
The content of the invention
To remedy the deficiencies of the prior art, the object of the invention is to provide an illegal connection determination method based on set covering in which the legal terminal list is sent to each legitimate client so that the server does not have to perform identification separately again; the determination method is convenient and fast, shares the identification work among the clients, reduces the server's workload and improves efficiency.
To achieve the above object, the invention adopts the following technical scheme:
An illegal connection determination method based on set covering, comprising:
Step 1: a server and multiple clients are established; each client stores registration information corresponding one-to-one with the client's own information; the server stores a legal terminal list, and the legal terminal list contains the registration information of multiple clients.
Step 2: a client sends an authentication request to the server, and the server compares the client's registration information with the legal terminal list;
if the comparison succeeds, the server keeps the communication channel with the client established, sends the legal terminal list to the client, and marks the client as a legitimate client;
if the comparison fails, the server marks the client as an illegitimate client and stops communicating with it.
Step 3: the legitimate clients form a network trust chain model M-TNC using Trusted Network Connect; using Trusted Network Connect technology (TNC) and the terminal technology provided by a trusted host, terminal access control is realised in the network environment. The permission control rules of M-TNC check the credibility of a terminal by means of an integrity check of the terminal.
The M-TNC architecture is divided into three classes of entity: the terminal accessor AP, the rule judge RJP and the rule definer RDP. The terminal accessor is the terminal access device that requests the server's resources; the rule judge and the rule definer form the terminal secure access control system.
The element definitions of M-TNC comprise the following two definitions:
Definition 1: resource set R = {r_i | i = 1…N}, the set of resources of the enterprise office network.
Definition 2: resource service domain RS = {R, SDP, AP, ISP}, where R is the resource set provided by the enterprise network, RJP is the absolutely trusted rule judge, and RDP manages all APs in the domain, assists the network service provider ISP (Internet Service Provider) in verifying the credibility of M-TNC, and accepts cross-domain service request messages from the M-TNCs of other domains.
The trusted terminal access algorithm comprises the following steps:
Step a: the RDP formulates the corresponding ACL rule according to the credibility of the AP: ACLPolicy ← getACLPolicy();
Step b: the AP requests access: it sends an access request, collects the terminal's reliability assessment value and sends it to the RJP, then waits for the RJP to judge the credibility of the terminal device: APCredibility ← CollectAPCredibility(); CredibilityResult ← SendJudgeRequest();
Step c: the RDP completes verification of the integrity and authenticity of the MTAM (Mobile Terminal Access Module) and is responsible for issuing trusted certificates to the terminal devices in the MTAM: CredibilityCertificate ← InRealityIntegrityCheck();
Step d: the RDP is responsible for defining and distributing the credibility decision rule for the AP and verifies the AP's certificate in order to assess the credibility of the accessing device: CredibilityPolicy ← RDPMakeAndAllocatePolicy(); it authenticates the identity of the MTAM, verifies the validity of the AP certificate and verifies the credibility of the AP device: VerifyAPValidity();
The access mechanism is as follows: the MTAM registers with the RDP's registration service and applies for the credibility evaluation certificate issued by the RDP; once it holds the certificate, the MTAM can interact with the ISP, and the ISP completes its credibility assessment of the MTAM by verifying the legitimacy of the credibility evaluation certificate. The RDP obtains a trusted certificate signed and issued by the trusted terminal judgement centre CMJC; the certificate contains information such as the RDP's public key and the CMJC signature, and the public key is published to external devices such as terminals by a secure means. The entity identity certificate of each terminal has the format CertA = {IDA, KPubA, DateA, LFA, E_KSCA{IDA, KPubA, DateA, LFA}}, where KPubA is the public key of terminal A, E_KSCA denotes signing under KSCA, the private key of CMJC, DateA is the issue date of the certificate and LFA is the validity period of the certificate.
In the foregoing illegal connection determination method based on set covering, M-TNC uses an access mode in which security evaluation is performed first and the connection is made afterwards.
In the foregoing illegal connection determination method based on set covering, the registration information comprises the client's IP address and MAC address.
In the foregoing illegal connection determination method based on set covering, in Step 2 the client sends an authentication request to the server, and the server compares the client's registration information with the legal terminal list;
if the comparison succeeds, the server keeps the communication channel with the client established, sends the legal terminal list to the client, and marks the client as a legitimate client;
if the comparison fails, the server marks the client as an illegitimate client, stops communicating with it, and at the same time sends a warning message to the multiple clients whose registration information is stored in the legal terminal list.
In the foregoing illegal connection determination method based on set covering,
in Step 2 the client sends an authentication request to the server, and the server compares the client's registration information with the legal terminal list;
if the comparison succeeds, the server keeps the communication channel with the client established, sends the legal terminal list to the client, and marks the client as a legitimate client;
if the comparison fails, the server marks the client as an illegitimate client, stops communicating with it, and at the same time assigns to the illegitimate client label information that allows it to be marked easily, stores the label information in an illegal connection address book, and records the number of times the illegitimate client has accessed; the label information comprises a terminal unique identifier.
In the foregoing illegal connection determination method based on set covering,
in Step 2 the client sends an authentication request to the server, the server compares the client's registration information with the legal terminal list, and the server sends a local security policy to the legitimate clients in real time;
if the comparison succeeds, the server keeps the communication channel with the client established, sends the legal terminal list to the client, and marks the client as a legitimate client;
if the comparison fails, the server marks the client as an illegitimate client and stops communicating with it.
In the foregoing illegal connection determination method based on set covering,
an illegitimate client can send a security identification request to the server; after the server allows the illegitimate client to connect, the illegitimate client's label information is deleted from the illegal connection address book.
The foregoing illegal connection determination method based on set covering further comprises: Step 4, the server periodically identifies the multiple clients corresponding to the legal terminal list.
The beneficial effects of the invention are as follows:
The invention identifies the identity of each client when the communication environment is established and sends the legal terminal list to every legitimate client; when clients communicate with one another, the server does not have to perform identification separately again. The determination method is convenient and fast, shares the identification work among the clients, reduces the server's workload and improves efficiency.
Through the illegal connection address book, the invention can collect and organise illegitimate clients, which allows staff to retrieve the data and inspect illegitimate clients intuitively, grasp their access behaviour, and identify and follow up on devices that access maliciously.
The server of the invention has a re-identification function: after re-identification succeeds, the illegitimate client's label information is deleted from the illegal connection address book, registration information is allocated to the illegitimate client according to its label information, and that registration information is stored in the legal terminal list, so that the identity of the formerly illegitimate client becomes legitimate and it can subsequently connect normally with the other clients and the server.
Brief description of the drawings
Fig. 1 is a flow chart of one embodiment of the invention.
Embodiment
The invention is described in detail below with reference to the drawings and specific embodiments.
An illegal connection determination method based on set covering, comprising:
Step 1: a server and multiple clients are established; each client stores registration information corresponding one-to-one with the client's own information; the server stores a legal terminal list, and the legal terminal list contains the registration information of multiple clients; the registration information comprises the client's IP address and MAC address.
Step 2: a client sends an authentication request to the server, and the server compares the client's registration information with the legal terminal list;
if the comparison succeeds, the server keeps the communication channel with the client established, sends the legal terminal list to the client, and marks the client as a legitimate client;
if the comparison fails, the server marks the client as an illegitimate client and stops communicating with it.
Preferred embodiment 1: in Step 2 the client sends an authentication request to the server, and the server compares the client's registration information with the legal terminal list;
if the comparison succeeds, the server keeps the communication channel with the client established, sends the legal terminal list to the client, and marks the client as a legitimate client;
if the comparison fails, the server marks the client as an illegitimate client, stops communicating with it, and at the same time assigns to the illegitimate client label information that allows it to be marked easily, stores the label information in an illegal connection address book, and records the number of times the illegitimate client has accessed; the label information comprises a terminal unique identifier. By means of the label information, the server and the clients can identify the device precisely.
Through the illegal connection address book, illegitimate clients can be collected and organised, which allows staff to retrieve the data and inspect illegitimate clients intuitively, grasp their access behaviour, and identify and follow up on devices that access maliciously.
Preferred embodiment 2: in Step 2 the client sends an authentication request to the server, the server compares the client's registration information with the legal terminal list, and the server sends a local security policy to the legitimate clients in real time. Through the local security policy a legitimate client can carry out data processing work such as identifying, connecting or refusing according to the server's requirements, so that the connection work as a whole proceeds smoothly.
If the comparison succeeds, the server keeps the communication channel with the client established, sends the legal terminal list to the client, and marks the client as a legitimate client;
if the comparison fails, the server marks the client as an illegitimate client and stops communicating with it.
Preferred embodiment 3: in Step 2 the client sends an authentication request to the server, and the server compares the client's registration information with the legal terminal list;
if the comparison succeeds, the server keeps the communication channel with the client established, sends the legal terminal list to the client, and marks the client as a legitimate client;
if the comparison fails, the server marks the client as an illegitimate client, stops communicating with it, and at the same time sends a warning message to the multiple clients whose registration information is stored in the legal terminal list.
This design notifies the clients whose registration information is stored in the legal terminal list that an illegal connection has occurred, reminding them to protect their information.
Step 3: the legitimate clients form a network trust chain model M-TNC using Trusted Network Connect; using Trusted Network Connect technology (TNC) and the terminal technology provided by a trusted host, terminal access control is realised in the network environment. The permission control rules of M-TNC check the credibility of a terminal by means of an integrity check of the terminal.
The M-TNC architecture is divided into three classes of entity: the terminal accessor AP, the rule judge RJP and the rule definer RDP. The terminal accessor is the terminal access device that requests the server's resources; the rule judge and the rule definer form the terminal secure access control system.
The element definitions of M-TNC comprise the following two definitions:
Definition 1: resource set R = {r_i | i = 1…N}, the set of resources of the enterprise office network.
Definition 2: resource service domain RS = {R, SDP, AP, ISP}, where R is the resource set provided by the enterprise network, RJP is the absolutely trusted rule judge, and RDP manages all APs in the domain, assists the network service provider ISP (Internet Service Provider) in verifying the credibility of M-TNC, and accepts cross-domain service request messages from the M-TNCs of other domains.
The trusted terminal access algorithm comprises the following steps:
Step a: the RDP formulates the corresponding ACL rule according to the credibility of the AP: ACLPolicy ← getACLPolicy();
Step b: the AP requests access: it sends an access request, collects the terminal's reliability assessment value and sends it to the RJP, then waits for the RJP to judge the credibility of the terminal device: APCredibility ← CollectAPCredibility(); CredibilityResult ← SendJudgeRequest();
Step c: the RDP completes verification of the integrity and authenticity of the MTAM (Mobile Terminal Access Module) and is responsible for issuing trusted certificates to the terminal devices in the MTAM: CredibilityCertificate ← InRealityIntegrityCheck();
Step d: the RDP is responsible for defining and distributing the credibility decision rule for the AP and verifies the AP's certificate in order to assess the credibility of the accessing device: CredibilityPolicy ← RDPMakeAndAllocatePolicy(); it authenticates the identity of the MTAM, verifies the validity of the AP certificate and verifies the credibility of the AP device: VerifyAPValidity();
The access mechanism is as follows: the MTAM registers with the RDP's registration service and applies for the credibility evaluation certificate issued by the RDP; once it holds the certificate, the MTAM can interact with the ISP, and the ISP completes its credibility assessment of the MTAM by verifying the legitimacy of the credibility evaluation certificate. The RDP obtains a trusted certificate signed and issued by the trusted terminal judgement centre CMJC; the certificate contains information such as the RDP's public key and the CMJC signature, and the public key is published to external devices such as terminals by a secure means. The entity identity certificate of each terminal has the format CertA = {IDA, KPubA, DateA, LFA, E_KSCA{IDA, KPubA, DateA, LFA}}, where KPubA is the public key of terminal A, E_KSCA denotes signing under KSCA, the private key of CMJC, DateA is the issue date of the certificate and LFA is the validity period of the certificate.
In one embodiment, the MTAM establishes a connection with the RDP and applies for the trusted certificate issued by the RDP. Before the connection is established, the MTAM performs integrity measurement with respect to the RDP; the MTAM and the RDP negotiate to complete identity authentication between them, and this authentication is mutual; after authentication completes, the RDP judges the credibility of the MTAM platform. An MTAM that passes identity authentication and the credibility judgement obtains the trusted certificate issued to it by the RDP, and within the validity period of the certificate the terminal user can present the certificate to establish a service connection with the ISP.
The traditional access mode is for M-TNC to connect first and evaluate security afterwards. The invention differs from the traditional approach in that M-TNC evaluates security first and connects afterwards, a design that greatly enhances the security of network access.
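The certificate format and the "evaluate first, connect afterwards" order of the M-TNC access algorithm (Steps a to d above), as an added example in Python that is not part of the patent. The page has CMJC sign the certificate with its private key KSCA; so that the example runs on the standard library alone it substitutes an HMAC-SHA256 tag under a key held by CMJC, which keeps the structure of CertA but is a stand-in, not the page's signature scheme. The credibility scoring rule, the threshold, the reference MTAM image, the 30-day LFA and every name and value below are likewise assumptions. The point the example makes concrete is the ordering: the credibility judgement and the MTAM integrity check both run, and the certificate is issued, before the ISP is ever asked to connect, and a certificate whose LFA has been edited or that is presented after DateA + LFA is refused at the ISP.

```python
# Added example (not the patent's own code): CertA = {IDA, KPubA, DateA, LFA,
# E_KSCA{IDA, KPubA, DateA, LFA}} and the evaluate-first access order of M-TNC.
# The page signs with the CMJC private key KSCA; this stand-alone version uses an
# HMAC-SHA256 tag under a CMJC-held key instead.  That substitution, the scoring
# rule, the threshold, the reference image and all names are assumptions.
import hashlib
import hmac
import json
from datetime import date, timedelta

CMJC_KEY = b"constructed CMJC signing key"   # stand-in for KSCA
CERT_FIELDS = ("IDA", "KPubA", "DateA", "LFA")


def _tag(key: bytes, body: dict) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def issue_cert(cmjc_key: bytes, id_a: str, kpub_a: str, date_a: date, lf_days: int) -> dict:
    """CertA: identity, public key, issue date, lifetime, and a tag binding all four."""
    body = {"IDA": id_a, "KPubA": kpub_a, "DateA": date_a.isoformat(), "LFA": lf_days}
    return {**body, "Sig": _tag(cmjc_key, body)}


def verify_cert(cmjc_key: bytes, cert: dict, today: date):
    """VerifyAPValidity(): the tag must match and today must lie in [DateA, DateA + LFA]."""
    body = {k: cert[k] for k in CERT_FIELDS}
    if not hmac.compare_digest(_tag(cmjc_key, body), cert["Sig"]):
        return False, "bad signature"
    issued = date.fromisoformat(cert["DateA"])
    if today < issued:
        return False, "not yet valid"
    if today > issued + timedelta(days=cert["LFA"]):
        return False, "expired"
    return True, "ok"


class RJP:
    """Rule judge: reduces the collected reliability assessment values to one score."""
    def judge(self, measurements: dict) -> float:
        return sum(measurements.values()) / len(measurements)   # fraction of checks passed


class RDP:
    """Rule definer: ACL rule by credibility (Step a), MTAM integrity check and
    certificate issue (Step c), rule distribution and certificate checks (Step d)."""
    def __init__(self, cmjc_key: bytes, reference_hash: str, full_access_at: float):
        self.cmjc_key, self.reference_hash, self.full_access_at = cmjc_key, reference_hash, full_access_at

    def get_acl_policy(self, credibility: float) -> str:
        return "full" if credibility >= self.full_access_at else "restricted"

    def integrity_check(self, mtam_image: bytes) -> bool:
        return hmac.compare_digest(hashlib.sha256(mtam_image).hexdigest(), self.reference_hash)

    def issue(self, ap_id: str, kpub: str, today: date) -> dict:
        return issue_cert(self.cmjc_key, ap_id, kpub, today, lf_days=30)


class ISP:
    """Service provider: opens the connection only once the certificate verifies."""
    def __init__(self, cmjc_key: bytes):
        self.cmjc_key = cmjc_key

    def connect(self, cert: dict, today: date) -> str:
        ok, why = verify_cert(self.cmjc_key, cert, today)
        return "connected" if ok else f"refused: {why}"


def access(ap: dict, rjp: RJP, rdp: RDP, isp: ISP, today: date, threshold: float = 0.75) -> str:
    """Security evaluation first, connection afterwards, as the page prefers."""
    credibility = rjp.judge(ap["measurements"])          # Step b: judge the collected values
    if credibility < threshold:
        return f"refused: credibility {credibility:.2f} below threshold"
    if not rdp.integrity_check(ap["mtam_image"]):        # Step c: MTAM integrity and authenticity
        return "refused: MTAM integrity check failed"
    cert = rdp.issue(ap["id"], ap["kpub"], today)        # Step c: trusted certificate
    acl = rdp.get_acl_policy(credibility)                # Step a/d: rule for this AP
    return f"{isp.connect(cert, today)} ({acl})"         # connect last


def run_mtnc_scenario() -> dict:
    """Constructed walk-through: a clean terminal, a tampered MTAM, a weak terminal,
    a certificate checked after its lifetime and one whose LFA was edited."""
    today = date(2018, 1, 15)
    rdp = RDP(CMJC_KEY, hashlib.sha256(b"reference MTAM image").hexdigest(), 0.9)
    isp, rjp = ISP(CMJC_KEY), RJP()
    clean = {"id": "A", "kpub": "kpub-A", "mtam_image": b"reference MTAM image",
             "measurements": {"bios": 1, "kernel": 1, "agent": 1}}
    tampered = dict(clean, id="B", mtam_image=b"patched MTAM image")
    weak = dict(clean, id="C", measurements={"bios": 1, "kernel": 0, "agent": 0})
    cert = issue_cert(CMJC_KEY, "A", "kpub-A", today, 30)
    return {
        "clean": access(clean, rjp, rdp, isp, today),
        "tampered": access(tampered, rjp, rdp, isp, today),
        "weak": access(weak, rjp, rdp, isp, today),
        "expired": verify_cert(CMJC_KEY, cert, today + timedelta(days=31)),
        "edited_lfa": verify_cert(CMJC_KEY, dict(cert, LFA=3650), today),
    }
```

`run_mtnc_scenario()` returns the outcome of each case; the tampered and weak terminals are refused before any certificate exists, which is what distinguishes the evaluate-first order from the traditional connect-first one.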
As a preferred embodiment, an illegitimate client can send a security identification request to the server; after the server allows the illegitimate client to connect, the illegitimate client's label information is deleted from the illegal connection address book. In practical operation, a server and multiple clients are established, each client stores registration information corresponding one-to-one with the client's own information, and the server stores a legal terminal list containing the registration information of multiple clients; but this does not guarantee that the number of clients will never grow in subsequent work, and the number of clients grows in two situations:
In the first, a new client is added. Staff then need to store registration information on the new client and update the legal terminal list stored on the server, placing the new client's registration information in the legal terminal list so that the new client can subsequently connect normally.
In the second, a device that previously connected to the server and was treated as an illegitimate client may, in later work, be permitted to connect to the server. The server therefore has a re-identification function: after re-identification succeeds, the illegitimate client's label information is deleted from the illegal connection address book, registration information is allocated to the illegitimate client according to its label information, and that registration information is stored in the legal terminal list, so that the identity of the formerly illegitimate client becomes legitimate and it can subsequently connect normally with the other clients and the server.
The illegal connection determination method based on set covering further comprises: Step 4, the server periodically identifies the multiple clients corresponding to the legal terminal list. In practical operation, when the number of clients is large the server may misidentify a client; the server therefore periodically identifies the multiple clients corresponding to the legal terminal list so as to ensure that each client is a legitimate client, and to avoid a client leaking information unknowingly during work.
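The whole procedure of Steps 1 to 4 together with preferred embodiments 1 to 3, as an added example in Python that is not part of the patent: a server holding the legal terminal list, authentication by (IP address, MAC address) registration information, distribution of the list and the local security policy to legitimate clients, the peer check a legitimate client then performs on its own, the illegal connection address book with access counts, warning messages to legitimate clients, re-identification, and the periodic recheck of Step 4. The label format, the policy contents, the message strings and every address are constructed. Two points the page leaves implicit are made explicit in the code: once the list changes, every distributed copy has to be refreshed, otherwise peer checks at different clients give different answers; and the membership test is only as strong as the identifiers it compares, since an IP and MAC pair is presented by the client itself and can be reproduced by another host on the same network segment.

```python
# Added example (not the patent's own code): an in-memory model of the
# set-covering allowlist scheme of Steps 1-4 and preferred embodiments 1-3.
# Registration information is (IP, MAC) as the page states; the label format,
# the policy contents, the message strings and every address are constructed.
from __future__ import annotations

from dataclasses import dataclass, field

Registration = tuple  # (ip_address, mac_address)


@dataclass
class Client:
    name: str
    reg: Registration
    legal_list: set | None = None   # copy of the legal terminal list, received on success
    policy: dict | None = None      # local security policy (preferred embodiment 2)
    warnings: list = field(default_factory=list)

    def accept_peer(self, peer_reg: Registration) -> bool:
        """Step 3 of the abstract: a legitimate client checks a peer's registration
        against its own copy of the list instead of asking the server again."""
        if self.legal_list is None:   # never authenticated: cannot vouch for anyone
            return False
        return peer_reg in self.legal_list


class Server:
    def __init__(self, legal_terminals, local_policy):
        self.legal_list = set(legal_terminals)   # Step 1: legal terminal list
        self.policy = dict(local_policy)
        self.legal_clients: dict = {}            # reg -> Client currently marked legitimate
        self.illegal_book: dict = {}             # label -> access count (illegal connection address book)

    @staticmethod
    def label(reg: Registration) -> str:
        return f"{reg[0]}/{reg[1].lower()}"      # terminal unique identifier (assumed format)

    def _push_list(self) -> None:
        # Every legitimate client must receive the new list after a change,
        # otherwise peer checks at different clients give different answers.
        for c in self.legal_clients.values():
            c.legal_list = set(self.legal_list)

    def authenticate(self, client: Client) -> bool:
        """Step 2: compare the client's registration information with the legal terminal list."""
        if client.reg in self.legal_list:
            client.legal_list = set(self.legal_list)   # send the legal terminal list
            client.policy = dict(self.policy)          # send the local security policy
            self.legal_clients[client.reg] = client
            return True
        lab = self.label(client.reg)
        self.illegal_book[lab] = self.illegal_book.get(lab, 0) + 1   # embodiment 1: label and count
        for c in self.legal_clients.values():                       # embodiment 3: warn legitimate clients
            c.warnings.append(f"illegal connection attempt by {lab}")
        client.legal_list = None                                    # stop communicating
        return False

    def re_identify(self, client: Client, staff_approved: bool) -> bool:
        """Re-identification: with staff approval the label leaves the address book,
        the registration joins the legal list, and the client is authenticated again."""
        lab = self.label(client.reg)
        if not staff_approved or lab not in self.illegal_book:
            return False
        del self.illegal_book[lab]
        self.legal_list.add(client.reg)
        self._push_list()
        return self.authenticate(client)

    def periodic_recheck(self) -> list:
        """Step 4: re-identify every client marked legitimate; one whose registration
        is no longer in the list loses that status and its copy of the list."""
        revoked = [r for r in self.legal_clients if r not in self.legal_list]
        for r in revoked:
            self.legal_clients.pop(r).legal_list = None
        return revoked


def run_allowlist_scenario() -> dict:
    """Constructed walk-through: two registered clients and one unregistered device."""
    srv = Server({("10.0.0.11", "aa:bb:cc:00:00:11"), ("10.0.0.12", "aa:bb:cc:00:00:12")},
                 {"allow_peer_connect": True})
    a = Client("A", ("10.0.0.11", "aa:bb:cc:00:00:11"))
    b = Client("B", ("10.0.0.12", "aa:bb:cc:00:00:12"))
    x = Client("X", ("10.0.0.99", "de:ad:be:ef:00:99"))
    r = {"a": srv.authenticate(a), "b": srv.authenticate(b), "x": srv.authenticate(x)}
    r["a_accepts_b"] = a.accept_peer(b.reg)          # decided locally, no server round trip
    r["a_accepts_x"] = a.accept_peer(x.reg)
    r["warnings_at_a"] = len(a.warnings)
    r["book"] = dict(srv.illegal_book)
    r["x_promoted"] = srv.re_identify(x, staff_approved=True)
    r["a_accepts_x_after"] = a.accept_peer(x.reg)    # A's copy of the list was refreshed
    srv.legal_list.discard(b.reg)                    # staff remove B from the list
    r["revoked"] = srv.periodic_recheck()
    return r
```

`run_allowlist_scenario()` runs the sequence the page describes and returns each decision; note that A can accept X only after the server pushed the refreshed list, which is the step a deployment must not forget when the list changes through re-identification or a staff edit.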
The invention identifies the identity of each client when the communication environment is established and sends the legal terminal list to every legitimate client; when clients communicate with one another, the server does not have to perform identification separately again. The determination method is convenient and fast, shares the identification work among the clients, reduces the server's workload and improves efficiency.
Through the illegal connection address book, the invention can collect and organise illegitimate clients, which allows staff to retrieve the data and inspect illegitimate clients intuitively, grasp their access behaviour, and identify and follow up on devices that access maliciously.
The server of the invention has a re-identification function: after re-identification succeeds, the illegitimate client's label information is deleted from the illegal connection address book, registration information is allocated to the illegitimate client according to its label information, and that registration information is stored in the legal terminal list, so that the identity of the formerly illegitimate client becomes legitimate and it can subsequently connect normally with the other clients and the server.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited in any way by the above embodiments; all technical solutions obtained by way of equivalent substitution or equivalent transformation fall within the scope of protection of the invention.
Claims (8)
- A kind of 1. illegal connection determination methods based on set covering, it is characterised in that including:Step 1, establishes server and multiple client, is stored with client and the single corresponding registration of client-side information Information, server memory contain legal terminal list, and legal terminal list includes the log-on message of multiple client;Step 2, user end to server send certification request, and server is by the log-on message of client and legal terminal list It is compared;If comparing successfully, server persistently establishes the passage communicated with client, and server sends legal end to client List is held, and client is denoted as legitimate client;If comparison is unsuccessful, client is denoted as illegitimate client by server, and stops being communicated with client;Step 3, legitimate client form network trust chain model M-TNC using Trusted network connection, use trustable network Interconnection technique TNC, the terminal technology provided by using trusted host, realizes terminal access control in a network environment;M- The control of authority rule of TNC checks the confidence level of terminal using the completeness check of terminal;The framework of M-TNC is divided into following 3 class entity:Terminal access person AP, regular judgement person RJP, regular definien RDP;Terminal access person is terminal access equipment, the resource of request server;Regular judgement person and regular definien pacify for terminal Full access control system;The element definition of M-TNC includes following two definition:First definition:Resource set R=ri | i=1…N }, the resource collection of enterprise's office network;Second definition:Resource service domain RS={ R, SDP, AP, ISP }, R are the resource sets that enterprise network provides, and RJP is definitely may be used The regular judgement person of letter, RDP manage AP and assisted network ISP ISP (the Internet Service in whole domain Provider) 
verify the credibility of M-TNC, while accept the cross-domain services request message of other domains M-TNC;Trusted end-user Access Algorithm includes the following steps:Step a, RDP formulate corresponding acl rule according to the confidence level of AP:ACLPolicy←getACLPolicy();Step b, AP request access:Access request is sent, the reliability assessment value of the terminal is collected and is sent to RJP, waits RJP The confidence level of terminal device is judged: APCredibility←CollectAPCredibility (); CredibilityResult←SendJudgeRequest();Step c, RDP completion is to MTAM (Mobile Terminal Access Module) module integrality and authenticity verification, the terminal device being responsible in MTAM is issued can Believe certificate: CredibilityCertificate←InRealityIntegrityCheck();Step d, RDP is responsible to define and distributes the confidence level decision rule of AP, and its certificate is verified, to assess the access The credibility of equipment: CredibilityPolicy←RDPMakeAndAllocatePolicy();To the body of MTAM Part is differentiated, verifies the validity of AP certificates, verifies the credibility of AP equipment: VerifyAPValidity();Access mechanism analytic process includes:The credible evaluation certificate that MTAM is issued to RDP registration services, application RDP, is somebody's turn to do After certificate, MTAM can be interacted with ISP, and ISP is by verifying that the legitimacy of credible evaluation certificate is completed to the credible of MTAM Degree assessment;RDP obtains the trusted certificates signed and issued by trusted end-user judgement center CMJC, and certificate includes the public key and CMJC label of RDP The information such as name, and public key is announced to external equipments such as terminals by secure way, the entity identities certificate format of each terminal is such as Under:CertA={ IDA, KPubA, DateA, LFA, EKSCAC { IDA, KPA, DateA, LFA } } wherein KPubA is terminal A Public key, EKSCA are the 
private keys of CMJC, and DateA is the date of issue of certificate, and LFA is the term of validity of certificate.
- 2. The illegal connection determination method based on set covering according to claim 1, characterised in that the above-mentioned M-TNC adopts an access mode of security evaluation first and connection afterwards.
- 3. The illegal connection determination method based on set covering according to claim 1, characterised in that the above-mentioned registration information includes the IP address and MAC address of the client.
- 4. The illegal connection determination method based on set covering according to claim 1, characterised in that in step two, the client sends an authentication request to the server, and the server compares the registration information of the client with the legal terminal list; if the comparison succeeds, the server persistently establishes the channel for communicating with the client, sends the legal terminal list to the client, and marks the client as a legitimate client; if the comparison fails, the server marks the client as an illegitimate client and stops communicating with it, and at the same time the server sends a warning message to the multiple clients whose registration information is stored in the legal terminal list.
- 5. The illegal connection determination method based on set covering according to claim 1, characterised in that in step two, the client sends an authentication request to the server, and the server compares the registration information of the client with the legal terminal list; if the comparison succeeds, the server persistently establishes the channel for communicating with the client, sends the legal terminal list to the client, and marks the client as a legitimate client; if the comparison fails, the server marks the client as an illegitimate client and stops communicating with it, and at the same time the server assigns to the illegitimate client a label that makes the illegitimate client easy to mark, stores the label information in the illegal connection address book, and records the number of times the illegitimate client has accessed; the above-mentioned label information includes the terminal unique identifier.
- 6. The illegal connection determination method based on set covering according to claim 1, characterised in that in step two, the client sends an authentication request to the server, the server compares the registration information of the client with the legal terminal list, and the server sends the local security policy to legitimate clients in real time; if the comparison succeeds, the server persistently establishes the channel for communicating with the client, sends the legal terminal list to the client, and marks the client as a legitimate client; if the comparison fails, the server marks the client as an illegitimate client and stops communicating with it.
- 7. The illegal connection determination method based on set covering according to claim 1, characterised in that an illegitimate client can send a security identification request to the server, and after the server allows the illegitimate client to connect, the label information of the illegitimate client is deleted from the illegal connection address book.
- 8. The illegal connection determination method based on set covering according to claim 1, characterised in that it further includes: step four, the server periodically identifies the corresponding multiple clients in the legal terminal list.
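The server-side behaviour of step two as described in claims 3 to 8, written out as an added example; this is not the patent's own code, and every name in it (`AccessServer`, `Registration`, the message strings, the sample IP/MAC pairs and terminal identifiers) is a constructed assumption. The block compares a client's (IP, MAC) registration with the legal terminal list, labels a failed client by its terminal unique identifier, counts its accesses in an illegal connection address book, warns the clients already on the legal list, pushes the local security policy to legitimate clients, handles the security identification request of claim 7 (who grants admission is left to the caller, since the claims do not say), and performs the periodic re-identification of claim 8.

```python
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Registration:
    """Registration information a client presents in its authentication request.
    The (ip, mac) pair follows claim 3; terminal_uid is the 'terminal unique
    identifier' of claim 5 and serves as the label of an illegitimate client."""
    ip: str
    mac: str
    terminal_uid: str


@dataclass
class AccessServer:
    # Legal terminal list: registration info of every terminal allowed to connect.
    legal_terminals: set[tuple[str, str]]
    # Clients currently marked legitimate, keyed by terminal_uid.
    legitimate: dict[str, Registration] = field(default_factory=dict)
    # Illegal connection address book (claim 5): label -> number of accesses.
    illegal_book: dict[str, int] = field(default_factory=dict)
    # Messages queued for legitimate clients: (terminal_uid, text).
    outbox: list[tuple[str, str]] = field(default_factory=list)

    def authenticate(self, reg: Registration) -> str:
        """Step two: compare the client's registration info with the legal terminal list."""
        if (reg.ip, reg.mac) in self.legal_terminals:
            self.legitimate[reg.terminal_uid] = reg
            # Claim 4: on success the server sends the legal terminal list to the client.
            self.outbox.append((reg.terminal_uid, f"LEGAL-LIST {sorted(self.legal_terminals)}"))
            return "legitimate"
        # Comparison failed: label the client and count the access (claim 5) ...
        self.illegal_book[reg.terminal_uid] = self.illegal_book.get(reg.terminal_uid, 0) + 1
        # ... and warn every client whose registration is on the legal list (claim 4).
        for uid in self.legitimate:
            self.outbox.append((uid, f"WARNING illegal connection attempt from {reg.ip}/{reg.mac}"))
        return "illegitimate"  # the server stops communicating with this client

    def push_local_policy(self, policy: str) -> int:
        """Claim 6: the local security policy is sent to legitimate clients in real time."""
        for uid in self.legitimate:
            self.outbox.append((uid, f"POLICY {policy}"))
        return len(self.legitimate)

    def security_identification_request(self, reg: Registration, admit: bool) -> bool:
        """Claim 7: an illegitimate client asks to be admitted. The claims do not say
        who decides, so `admit` is the caller's decision (assumption). On admission the
        label is removed from the illegal connection address book and the registration
        is added to the legal terminal list (assumption, so the next authenticate() passes)."""
        if not admit or reg.terminal_uid not in self.illegal_book:
            return False
        del self.illegal_book[reg.terminal_uid]
        self.legal_terminals.add((reg.ip, reg.mac))
        return True

    def periodic_reidentification(self, observed: dict[str, Registration]) -> list[str]:
        """Claim 8 (step four): re-identify each legitimate client. `observed` maps
        terminal_uid to the registration info currently seen for it; a client that is
        absent or whose (ip, mac) is no longer on the legal list loses its mark."""
        dropped = []
        for uid in list(self.legitimate):
            now = observed.get(uid)
            if now is None or (now.ip, now.mac) not in self.legal_terminals:
                del self.legitimate[uid]
                dropped.append(uid)
        return dropped


def build_sample_server() -> AccessServer:
    """Constructed sample legal terminal list (not taken from the patent)."""
    return AccessServer(legal_terminals={
        ("10.0.0.11", "aa:bb:cc:00:00:01"),
        ("10.0.0.12", "aa:bb:cc:00:00:02"),
    })


if __name__ == "__main__":
    srv = build_sample_server()
    print(srv.authenticate(Registration("10.0.0.11", "aa:bb:cc:00:00:01", "T-001")))
    print(srv.authenticate(Registration("10.0.0.99", "aa:bb:cc:00:00:99", "T-099")))
    print(srv.illegal_book, srv.outbox)
```

A practitioner should read the (IP, MAC) comparison as a coarse filter rather than an identity proof: both values are under the client's control, which is why claim 1 pairs this list check with certificate-based trusted-access steps. The access counter in the illegal connection address book is the useful detection signal here, since a label that keeps accumulating accesses is what an operator would alert on.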
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711215980.7A CN108011873B (en) | 2017-11-28 | 2017-11-28 | Illegal connection judgment method based on set coverage |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108011873A true CN108011873A (en) | 2018-05-08 |
CN108011873B CN108011873B (en) | 2020-09-04 |
Family
ID=62054236
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711215980.7A Active CN108011873B (en) | 2017-11-28 | 2017-11-28 | Illegal connection judgment method based on set coverage |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004032421A1 (en) * | 2002-10-01 | 2004-04-15 | Huawei Technologies Co., Ltd. | A method for adding devices to management system |
CN102035837A (en) * | 2010-12-07 | 2011-04-27 | 中国科学院软件研究所 | Method and system for hierarchically connecting trusted networks |
CN106992988A (en) * | 2017-05-11 | 2017-07-28 | 浙江工商大学 | A kind of cross-domain anonymous resource sharing platform and its implementation |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109067932A (en) * | 2018-07-24 | 2018-12-21 | 广州贯行电能技术有限公司 | A kind of data collection station data transmission method and data service end without fixed IP |
CN110401669A (en) * | 2019-07-31 | 2019-11-01 | 广州华多网络科技有限公司 | A kind of proof of identity method and relevant device |
CN110401669B (en) * | 2019-07-31 | 2021-06-11 | 广州方硅信息技术有限公司 | Identity verification method and related equipment |
CN111131255A (en) * | 2019-12-25 | 2020-05-08 | 中国联合网络通信集团有限公司 | Network private connection identification method and device |
CN111131255B (en) * | 2019-12-25 | 2022-03-15 | 中国联合网络通信集团有限公司 | Network private connection identification method and device |
CN112243041A (en) * | 2020-12-21 | 2021-01-19 | 成都雨云科技有限公司 | Cross-domain connection system and method for remote desktop access protocol |
CN113411190A (en) * | 2021-08-20 | 2021-09-17 | 北京数业专攻科技有限公司 | Key deployment, data communication, key exchange and security reinforcement method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |