CN109787988B - Identity strengthening authentication and authorization method and device - Google Patents


Info

Publication number
CN109787988B
Authority
CN
China
Prior art keywords
access
security
security gateway
certificate
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910092700.0A
Other languages
Chinese (zh)
Other versions
CN109787988A (en)
Inventor
刘博�
黄瀚
丁靖艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Niu Network Technology Co Ltd
Original Assignee
Hangzhou Niu Network Technology Co Ltd
Application filed by Hangzhou Niu Network Technology Co Ltd
Priority to CN201910092700.0A
Publication of CN109787988A
Application granted
Publication of CN109787988B

Abstract

The invention discloses an identity-strengthening authentication and authorization method and device. The method comprises the following steps: deploying a security gateway at the access entrance of a target website and acquiring access requests for the target website through encrypted communication; using the security gateway to verify the identity information and the authority of the applicant applying for access; recording the access request behavior and outputting the behavior rule in a formatted form; and judging the legality of the content requested to be accessed, raising an alarm on illegal content and terminating the access. By deploying a security gateway at the access entrance of the target website, deploying a security authentication certificate on the PC client, and verifying the certificate and the certificate identity authority identification of the security website, the access authority of an employee client's identity to the target service system is controlled without the enterprise changing its network structure or service system code. This effectively overcomes the authentication and other security shortcomings of traditional login based on a user name and password, and effectively improves the information security of the enterprise.

Description

Identity strengthening authentication and authorization method and device
Technical Field
The invention relates to the technical field of enterprise information security, in particular to an identity enhanced authentication and authorization method and device.
Background
Traditional service systems that authenticate logins with an account name and password carry significant security risks: weak passwords set by individual employees, accidentally lost passwords, hacker attacks and similar weaknesses can expose the data of the target service system to leakage. In addition, a common password-based login system has no effective auditing means, so employee operations pose considerable risk to the operation of the system, and a business system that is directly exposed to the internet faces a high risk of hacker attack.
Disclosure of Invention
The invention aims to solve the information security risks that exist in the prior art when an enterprise business system is accessed by logging in with an account and password, and provides an identity enhanced authentication and authorization method and device.
In a first aspect, an embodiment of the present invention provides an identity enhanced authentication and authorization method, including:
acquiring an access request of a target website;
the security gateway is used for verifying the identity information and the authority of a requester applying for access, if the verification is not passed, the access is forbidden, and if the verification is passed, the access to the target website is allowed;
recording the access request behavior, and formatting an output behavior rule;
and judging the legality of the content requested to be accessed, alarming illegal content and terminating access.
Further, the obtaining of the access request of the target website includes:
acquiring identity information of a requester who applies for accessing a target website;
returning a public key certificate of a security gateway according to the identity information of the applicant;
verifying whether the target website requested to be accessed is legal or not by judging the validity of the public key certificate;
if the public key certificate is valid, the legal verification is passed, and encrypted communication is established; otherwise, the legal verification fails and the communication is terminated.
Further, the identity information of the requester and the public key certificate of the security gateway include information corresponding to each other, wherein the identity information of the requester includes: employee ID, mailbox, name, security authentication certificate protocol version number, encryption algorithm type and random number; and the public key certificate of the security gateway includes the following information for accessing the website: security authentication certificate protocol version number, encryption algorithm type, random number and the communication certificate of the security gateway.
Further, the establishing encrypted communication includes:
acquiring a security authentication certificate and an authority identification of a requester;
performing authority authentication according to the security authentication certificate and the authority identification, and if the security authentication certificate is valid and has the authority of accessing a target website, acquiring an access public key;
selecting a symmetric encryption scheme, and encrypting the symmetric encryption scheme by using the public key to generate a ciphertext of the symmetric encryption scheme;
obtaining a private key according to the ciphertext of the symmetric encryption scheme;
decrypting the ciphertext of the symmetric encryption scheme by using the private key to generate a random code as a secret key in a communication encryption process;
and encrypting the secret key in the communication encryption process by using the public key certificate of the security gateway.
Further, the obtaining of the access request of the target website includes:
receiving application information requesting to access a target website through the security gateway;
decrypting the application information by using a private key of a security gateway to obtain a secret key in the communication encryption process;
and carrying out symmetric encryption on the communication process by using the key.
Further, the verifying identity information and authority of the applicant applying for access by using the security gateway includes:
checking whether the identity information of the applicant is wrong, wherein an applicant with wrong identity information is forbidden from accessing the target website;
and checking whether the security authentication certificate corresponding to the identity information of the applicant has expired, wherein an applicant whose security authentication certificate has expired is forbidden from accessing the target website.
Further, the determining the validity of the content requested to be accessed includes:
adopting semantic-based analysis to judge whether the content requested to be accessed has an attack behavior, and if the content requested to be accessed relates to the attack behavior, considering the content as illegal content; and if the content requested to be accessed does not have the attack behavior, the content is regarded as safe access content.
Further, before the target website access portal deploys the security gateway, the method further includes:
respectively generating a security authentication certificate and a right to access a target website aiming at each identity information;
and generating a digital certificate for installing at the client according to the security authentication certificate and the authority for accessing the target website.
In a second aspect, an embodiment of the present invention provides an identity enhanced authentication and authorization apparatus, including:
the acquisition module is used for acquiring an access request of a target website;
the verification module is used for verifying the identity information and the authority of the applicant applying for access by utilizing the security gateway;
the behavior auditing module is used for recording the access request behavior and formatting an output behavior rule;
and the safety protection module is used for judging the legality of the content requested to be accessed, alarming the illegal content and terminating the access.
Further, the obtaining module comprises: an authentication unit, an authentication unit and a communication encryption unit,
the authentication unit is used for executing the following steps:
acquiring identity information of a requester who applies for accessing a target website;
returning a public key certificate of a security gateway according to the identity information of the applicant;
verifying whether the target website requested to be accessed is legal or not by judging the validity of the public key certificate;
if the public key certificate is valid, the legal verification is passed, and encrypted communication is established; otherwise, the legal verification fails, and the communication is terminated;
the authentication unit is used for executing the following steps:
acquiring a security authentication certificate and an authority identification of a requester;
performing authority authentication according to the security authentication certificate and the authority identification, and if the security authentication certificate is valid and has the authority of accessing a target website, acquiring an access public key;
and the communication encryption unit is used for establishing encrypted communication to acquire the access request of the target website.
The invention has the advantages that:
1. according to the invention, the security gateway is deployed at the access entrance of the target website, the security authentication certificate is deployed on the PC client, and the mode of verifying the certificate and the certificate identity authority identification of the security website is adopted, so that the access authority control of the employee client identity to the target service system is realized under the condition that an enterprise does not change a network structure and a service system code, the defects of the traditional login based on a user name/password mode in the security aspects of authentication and the like are effectively overcome, and the enterprise information security management efficiency is improved.
2. The invention is provided with a series of functions such as encrypted communication, identity authentication, behavior audit, safety protection and the like, and each functional module only allows authorized and legal identity information flow to access a target application through a security gateway through cooperative work and logic judgment, and rejects network requests of unauthorized and illegal identities; the security gateway has strong deployment compatibility, is suitable for the traditional PC and the mobile terminal, and is greatly convenient for enterprise information security management. 3.
Drawings
For a more complete understanding of the objects, features and advantages of the present invention, reference is now made to the following detailed description of the preferred embodiments of the invention, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flowchart illustrating a first embodiment of a method for enhanced identity authentication and authorization according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a second embodiment of a method for identity enhanced authentication and authorization according to the present invention;
FIG. 3 is a block diagram of a first embodiment of an identity-enhanced authentication and authorization apparatus according to the present invention;
FIG. 4 is a schematic diagram of a second embodiment of an identity-enhanced authentication and authorization apparatus according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the order between the steps in the embodiments of the present invention may be adjusted, and is not necessarily performed in the order illustrated below.
Fig. 1 is a schematic flowchart of a first embodiment of an identity-enhanced authentication and authorization method according to an embodiment of the present invention, where the identity-enhanced authentication and authorization method provided in this embodiment may be executed by an identity-enhanced authentication and authorization apparatus, which may be implemented as software or implemented as a combination of software and hardware, and may be integrated in a device where an application program and a client of an enterprise information management system are located, such as a server. As shown in fig. 1, an identity-enhanced authentication and authorization method includes the following steps:
101. Acquire an access request of the target website.
102. Verify the identity information and the authority of the applicant applying for access by using the security gateway; if the verification fails, prohibit access, and if it passes, allow access to the target website.
103. Record the access request behavior and output the behavior rule in a formatted form.
104. Judge the legality of the content requested to be accessed, raise an alarm on illegal content and terminate the access.
The core idea of the identity-strengthening authentication and authorization method provided in this embodiment is to use a security gateway deployed at the access entrance of the target website to verify and identify the identity information and the authority of the personnel accessing the target website, to monitor the behavior of accessing the target website, and to find illegal access content in time, raise an alarm and stop it. Optionally, when the identity information and the authority of the person accessing the target website are verified and authenticated, the enhanced authentication of the identity and the control of the access authority can be realized by establishing encrypted communication between the client and the security gateway.
In order to protect the security of the enterprise information, the application system in the enterprise sets an access right, and only an authenticated and authorized employee can request to access the target website of the application system in the enterprise through a security authentication certificate, in this embodiment, the authorization method includes the following steps:
Enterprise employees apply for access to a target website, such as the company's Wiki, Git, REP and other application systems, through the enterprise OA system (enterprise office automation system). The enterprise OA system is linked with a CA management system through an API (application programming interface), and a corresponding SSL (Secure Sockets Layer) security authentication certificate is generated according to the employee's identity information; the certificate identifies the uniqueness of the employee's identity. At the same time, the CA management system synchronizes the security authentication certificate and the authority information for the requested target website into a database for storage, so that the identity information and the authority can be identified and verified when the target website is accessed. After the data has been maintained successfully, the CA management system issues the generated digital certificate, which records the security authentication certificate and the authority to access the target website, and notifies the employee. The employee needs to install the certificate on the client, which can be an application program installed on a terminal of an electronic device such as a computer or a mobile phone.
After the digital certificate is installed on the client, the employee accesses a target website of an enterprise application system (including Wiki, Git, REP, etc.) through a terminal device (an electronic device such as a computer or a mobile phone) carrying the client. First, a security gateway is deployed at the access entrance of the target website, and the access request sent by the employee's client is obtained through encrypted communication. After the security gateway receives the access request, it verifies the identity information and the authority of the requester applying for access; if the verification fails, access is prohibited, and if it passes, access to the target website is allowed. The verification of the identity information and the authority covers two aspects. On the one hand, the identity information of an enterprise employee contains the employee's on-duty state. During identity verification, if the identity information of the employee requesting access to the target website is wrong, or the employee's current status is that of a departed employee, the employee is prohibited from accessing the target website and a friendly prompt is returned, for example that the current identity cannot log in to the system or that the employee has left the company.
On the other hand, the gateway must check whether the security authentication certificate corresponding to the employee's identity information is consistent with the authority to access the target website, and whether the authorization certificate has expired. If the security authentication certificate is inconsistent with the authority to access the target website, or the authorization certificate has expired, the employee is prohibited from accessing the target website and a friendly prompt is returned, for example that the certificate has expired or that the login information should be replaced.
Meanwhile, the behavior of the employee requesting to access the target website is recorded, and the accessed behavior rule is output in a formatted mode, so that the accessed condition and the accessed record of the enterprise application system can be conveniently checked at any time, and the information leakage risk is reduced. It should be noted that the access behavior in this embodiment includes: the behavior of the employee logging in the application system, the operation behavior after entering the application system, and the like. The behavior rules in this embodiment include information such as employee ID, mailbox, name, SSL certificate protocol version number of the target website accessed by the employee, encryption algorithm type, and random number.
While the employee's access behavior is audited and recorded, the legality of the content the employee requests must be judged. If the requested content or the information in the system could cause leakage of system information or is aggressive toward the application system (for example, system data is damaged), an alarm is raised and access to the corresponding content is terminated.
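The gateway-side checks and the formatted audit output described above, sketched as an added Python example (not code from the patent). The employee records, certificate IDs, site names and the function names `authorize`, `audit_record` and `handle` are constructed for illustration; the check order and the deny-by-default behaviour are assumptions.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone

UTC = timezone.utc

# Constructed sample data (hypothetical employees, certificate IDs and sites),
# standing in for what the CA management system syncs to the gateway database.
EMPLOYEES = {
    "E1001": {"name": "Alice", "mailbox": "alice@example.com", "on_duty": True},
    "E1002": {"name": "Bob", "mailbox": "bob@example.com", "on_duty": False},
}
CERTS = {
    "cert-a": {"employee_id": "E1001",
               "not_after": datetime(2030, 1, 1, tzinfo=UTC),
               "sites": {"wiki.example.internal", "git.example.internal"}},
    "cert-b": {"employee_id": "E1002",
               "not_after": datetime(2030, 1, 1, tzinfo=UTC),
               "sites": {"wiki.example.internal"}},
    "cert-old": {"employee_id": "E1001",
                 "not_after": datetime(2020, 1, 1, tzinfo=UTC),
                 "sites": {"wiki.example.internal"}},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(employee_id, cert_id, site, now):
    """Identity, on-duty state, expiry, then authority; anything unknown is denied."""
    employee = EMPLOYEES.get(employee_id)
    cert = CERTS.get(cert_id)
    # Unknown employee, unknown certificate, or a certificate issued to
    # someone else all count as wrong identity information.
    if employee is None or cert is None or cert["employee_id"] != employee_id:
        return Decision(False, "identity information is wrong")
    if not employee["on_duty"]:
        return Decision(False, "employee has left the company")
    if now >= cert["not_after"]:
        return Decision(False, "certificate has expired")
    if site not in cert["sites"]:
        return Decision(False, "certificate has no authority for this website")
    return Decision(True, "ok")


def audit_record(employee_id, cert_id, site, tls_version, cipher, decision, now):
    """Format one access attempt as a JSON line for the behavior audit log."""
    employee = EMPLOYEES.get(employee_id, {})
    return json.dumps({
        "time": now.isoformat(),
        "employee_id": employee_id,
        "name": employee.get("name"),
        "mailbox": employee.get("mailbox"),
        "certificate": cert_id,
        "target": site,
        "tls_version": tls_version,
        "cipher": cipher,
        "allowed": decision.allowed,
        "reason": decision.reason,
    }, sort_keys=True)


def handle(employee_id, cert_id, site, now,
           tls_version="TLSv1.2", cipher="AES256-GCM"):
    """Decide, then log: denied attempts are audited as well as allowed ones.

    The tls_version and cipher defaults are constructed sample values.
    """
    decision = authorize(employee_id, cert_id, site, now)
    line = audit_record(employee_id, cert_id, site, tls_version, cipher,
                        decision, now)
    return decision, line


if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=UTC)
    attempts = [
        ("E1001", "cert-a", "git.example.internal"),   # valid
        ("E1002", "cert-b", "wiki.example.internal"),  # departed employee
        ("E1001", "cert-old", "wiki.example.internal"),  # expired certificate
        ("E1001", "cert-b", "wiki.example.internal"),  # someone else's certificate
    ]
    for employee_id, cert_id, site in attempts:
        _, line = handle(employee_id, cert_id, site, now)
        print(line)
```

The denial reasons double as the prompts returned to the employee, so the audit line and the user-facing message cannot drift apart.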
Fig. 2 is a schematic flow chart of a second embodiment of an identity-enhanced authentication and authorization method in an embodiment of the present invention, and as shown in fig. 2, on the basis of the embodiment shown in fig. 1, in step 101, a process of obtaining an access request of a target website may be implemented by the following steps:
When an employee, as the requester applying for access, accesses a target website of an enterprise application system through a client, the client first sends identity information, including the employee's security authentication certificate and authority to access the target website, to the security gateway. The identity information specifically includes the employee ID, mailbox, name, SSL security authentication certificate protocol version number, encryption algorithm type, random number and similar information. After obtaining the employee's identity information, the security gateway parses it and identifies the access authority. Specifically, the security gateway acquires the identity information, including the employee's security authentication certificate and authority to access the target website, and, according to the requester's identity information and the target website to be accessed, returns the corresponding SSL security authentication certificate protocol version number, encryption algorithm type, random number and similar information to the client, together with the CA certificate of the security gateway, namely the public key certificate. The client uses the information returned by the security gateway to verify the legality of the target website. The legality verification covers:
verifying whether a certificate corresponding to the SSL security authentication certificate protocol version number returned by the security gateway is expired;
verifying whether the CA certificate of the security gateway is reliable; verifying whether the public key returned by the security gateway can correctly decrypt the digital signature in the returned CA certificate;
and verifying whether the domain name on the security gateway CA certificate is matched with the actual domain name of the target website server.
If all the verification passes, the target website requested to be accessed is legal, the communication between the client and the security gateway is continued, and the encrypted communication is continuously established; otherwise, the target website requested to be accessed is illegal, and the communication between the client and the security gateway is terminated.
In the embodiment, the access request of the target website is acquired through encrypted communication, repeated encryption, decryption and re-encryption are performed in the communication process, the identity of a requester is further strengthened and authenticated, the access authority is further identified, the security of enterprise information access is improved, and the information leakage risk is effectively controlled. The way of establishing encrypted communication in this example is achieved by the following steps:
The security gateway requires the client to send the employee's security authentication certificate and authority identification. The client sends its security authentication certificate to the server of the security gateway; the server obtains the requester's security authentication certificate and authority identification and then performs authority authentication on the certificate. If the employee's security authentication certificate has the authority to access the target website, the security gateway obtains the client's access public key. At the same time, the client sends the symmetric encryption schemes it can support to the security gateway for selection. The security gateway selects the encryption mode with the highest encryption degree from the symmetric encryption schemes provided by the client, encrypts the symmetric encryption scheme with the previously acquired access public key, and returns the resulting ciphertext to the client. After receiving the ciphertext of the encryption scheme returned by the security gateway, the client decrypts it with its own private key to obtain the encryption mode chosen by the security gateway, generates a random code as the key in the encryption process, encrypts the random code key with the public key in the public key certificate of the security gateway, and returns the encrypted random code key to the client.
Through this encrypted communication, after receiving the application information requesting access to the target website, the security gateway decrypts it with its own private key and obtains the key of the symmetric encryption scheme used in the communication encryption process. In the subsequent communication between the security gateway and the client while the employee accesses the target website, both sides use this key for symmetric encryption, which ensures the security of the application system's information during communication.
An identity enhanced authentication and authorization apparatus according to one or more embodiments of the present invention will be described in detail below. Those skilled in the art will appreciate that these identity-enhanced authentication and authorization means may be constructed using commercially available hardware components configured by the steps taught in the present scheme.
Fig. 3 is a schematic diagram of a first embodiment of an identity-enhanced authentication and authorization apparatus according to the present invention, as shown in fig. 3, the apparatus includes: the system comprises an acquisition module 201, a verification module 202, a behavior audit module 203 and a safety protection module 204.
The obtaining module 201 is configured to obtain an access request of a target website.
The verification module 202 is configured to verify the identity information and the authority of the applicant applying for access by using the security gateway.
The behavior auditing module 203 is configured to record the access request behavior and output the behavior rule in a formatted form.
The security protection module 204 is configured to judge the legality of the content requested to be accessed, raise an alarm on illegal content, and terminate the access.
The apparatus shown in fig. 3 can perform the method of the embodiment shown in fig. 1, and the parts not described in detail in this embodiment can refer to the related description of the embodiment shown in fig. 1. The implementation process and technical effect of the technical solution refer to the description in the embodiment shown in fig. 1, and are not described herein again.
Fig. 4 is a schematic diagram of a framework of a second embodiment of an identity-enhanced authentication and authorization apparatus according to an embodiment of the present invention, as shown in fig. 4, based on the embodiment shown in fig. 3, the obtaining module 201 includes: an authentication unit 211, an authentication unit 212, and a communication encryption unit 213.
An authentication unit 211, configured to perform the following steps:
acquiring identity information of a requester who applies for accessing a target website; returning a public key certificate of a security gateway according to the identity information of the applicant; verifying whether the target website requested to be accessed is legal or not by judging the validity of the public key certificate; if the public key certificate is valid, the legal verification is passed, and encrypted communication is established; otherwise, the legal verification fails and the communication is terminated.
An authentication unit 212, configured to perform the following steps: acquiring a security authentication certificate and an authority identification of a requester; and performing authority authentication according to the security authentication certificate and the authority identification, and if the security authentication certificate is valid and has the authority of accessing the target website, acquiring an access public key.
A communication encryption unit 213, configured to establish encrypted communication to obtain the access request of the target website.
The apparatus shown in fig. 4 can perform the method of the embodiment shown in fig. 2, and the parts not described in detail in this embodiment can refer to the related description of the embodiment shown in fig. 2. The implementation process and technical effect of the technical solution refer to the description in the embodiment shown in fig. 2, and are not described herein again.
The identity enhanced authentication and authorization apparatus described above is only exemplary, wherein the units described as separate parts may or may not be physically separate, and some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing describes the internal functions and mechanisms of an identity enhanced authentication and authorization apparatus, which in one possible design may be implemented as an electronic device, such as a server, that may include: a processor and a memory. Wherein the memory is used for storing a program for supporting the identity-enhanced authentication and authorization apparatus to execute an identity-enhanced authentication and authorization method provided in any of the above embodiments, and the processor is configured to execute the program stored in the memory.
The program comprises one or more computer instructions which, when executed by the processor, are capable of implementing the method steps as described in any of the embodiments shown in fig. 1 or fig. 2.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same, and although the present invention is described in detail with reference to the foregoing embodiments, the person of ordinary skill in the art should understand that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the present invention.

Claims (4)

1. An identity enhanced authentication and authorization method, comprising:
acquiring an access request of a target website;
verifying the identity information and the authority of a requester applying for access by using the security gateway, if the verification is not passed, prohibiting the access, and if the verification is passed, allowing the access to the target website;
recording the access request behavior, and formatting an output behavior rule;
judging the legality of the content requested to be accessed, alarming illegal content and stopping access;
acquiring identity information of a requester who applies for accessing a target website;
returning a public key certificate of a security gateway according to the identity information of the applicant;
verifying whether the target website requested to be accessed is legal or not by judging the validity of the public key certificate;
if the public key certificate is valid, the legal verification is passed, and encrypted communication is established; otherwise, the legal verification fails, and the communication is terminated;
the identity information of the applicant and the public key certificate of the security gateway comprise information corresponding to each other, wherein the identity information of the applicant comprises the following information for identifying the identity of the applicant: employee ID, mailbox, name, security authentication certificate protocol version number, encryption algorithm type and random number; the public key certificate of the security gateway comprises the following information for accessing the website: a security authentication certificate protocol version number, an encryption algorithm type, a random number and a communication certificate of the security gateway;
the method for establishing encrypted communication is realized by the following steps:
the security gateway requires a client to send a security authentication certificate and an authority identification, the client can send the security authentication certificate of the client to a server of the security gateway, the server of the security gateway acquires the security authentication certificate and the authority identification of a requester and then carries out authority identification, if the security authentication certificate has the authority of accessing a target website, the security gateway obtains an access public key of the client, the client sends a symmetric encryption scheme which can be supported by the client to the security gateway for selection by the security gateway, the security gateway selects an encryption mode with the highest encryption degree from the symmetric encryption schemes provided by the client and encrypts the symmetric encryption scheme by using the previously acquired access public key to generate a ciphertext of the symmetric encryption scheme to be returned to the client, and the client decrypts by using a private key of the client after receiving the ciphertext of the encryption scheme returned by the security gateway, acquiring an encryption mode of a ciphertext from the security gateway, generating a random code as a key in the ciphertext encryption process, encrypting the random code key by using a public key in a public key certificate of the security gateway, and returning the random code key to the client;
through the encryption communication, after receiving the application information of requesting to access the target website, the security gateway decrypts the application information by using the private key of the security gateway, obtains the key of the symmetric encryption scheme in the communication encryption process, and in the process of accessing the target website to generate communication between the security gateway and the client, the security gateway and the client can use the key to perform symmetric encryption, so that the information security in an application system in the communication process is ensured.
2. The identity-enhanced authentication and authorization method of claim 1, wherein the verifying identity information and authority of the requester applying for access by using the security gateway comprises:
checking whether the identity information of the applicant is wrong, wherein an applicant with wrong identity information is forbidden to access the target website;
and checking whether the security authentication certificate corresponding to the identity information of the applicant is overdue, wherein an applicant with an overdue security authentication certificate is forbidden to access the target website.
3. The identity-enhanced authentication and authorization method of claim 1, wherein the determining the validity of the content requested to be accessed comprises:
adopting semantic-based analysis to judge whether the content requested to be accessed has an attack behavior, and if the content requested to be accessed relates to the attack behavior, considering the content as illegal content; and if the content requested to be accessed does not have the attack behavior, the content is regarded as safe access content.
4. The identity-enhanced authentication and authorization method of claim 1, further comprising, before deploying the security gateway at the destination website access portal:
respectively generating a security authentication certificate and a right to access a target website aiming at each identity information; and generating a digital certificate for installing at the client according to the security authentication certificate and the authority for accessing the target website.
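The gateway-side checks of claims 1 and 2 (identity, certificate expiry, authority for the target website, then selection of the strongest symmetric scheme the client offers), as an added example that is not part of the patent. The scheme names and their ranking, the record fields, and the sample values are assumptions; the public-key wrapping of the scheme and session key is left out.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Assumed gateway allowlist, strongest first; the patent names no schemes.
GATEWAY_PREFERENCE = ("AES-256-GCM", "AES-128-GCM")

@dataclass(frozen=True)
class ClientCert:
    """Constructed stand-in for the client's security authentication certificate."""
    employee_id: str
    not_after: datetime
    allowed_sites: frozenset  # the "authority identification" of claim 1

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    scheme: Optional[str] = None

def gateway_decide(cert, known_ids, target_site, offered_schemes, now):
    """Run the gateway checks in claim order and return a Decision."""
    # Claim 2: wrong identity information is refused.
    if cert.employee_id not in known_ids:
        return Decision(False, "unknown identity")
    # Claim 2: an overdue (expired) certificate is refused.
    if now >= cert.not_after:
        return Decision(False, "certificate expired")
    # Claim 1: the certificate must carry authority for the target website.
    if target_site not in cert.allowed_sites:
        return Decision(False, "no authority for target website")
    # Claim 1: pick the strongest scheme among those the client offers.
    # Ranking against the gateway's own allowlist means a client offering
    # only weak or unknown schemes is refused rather than downgraded.
    for scheme in GATEWAY_PREFERENCE:
        if scheme in offered_schemes:
            return Decision(True, "ok", scheme)
    return Decision(False, "no acceptable symmetric scheme")

# Constructed sample data (not from the patent).
NOW = datetime(2019, 6, 1, tzinfo=timezone.utc)
KNOWN_IDS = {"E1001"}
CERT = ClientCert("E1001", datetime(2020, 1, 1, tzinfo=timezone.utc),
                  frozenset({"erp.example.internal"}))

if __name__ == "__main__":
    print(gateway_decide(CERT, KNOWN_IDS, "erp.example.internal",
                         ["AES-128-GCM", "AES-256-GCM"], NOW))
```

The claim says only that the gateway picks the scheme "with the highest encryption degree" from the client's list; refusing when nothing on the gateway's own list is offered is a design choice of this example.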
CN201910092700.0A 2019-01-30 2019-01-30 Identity strengthening authentication and authorization method and device Active CN109787988B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910092700.0A CN109787988B (en) 2019-01-30 2019-01-30 Identity strengthening authentication and authorization method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910092700.0A CN109787988B (en) 2019-01-30 2019-01-30 Identity strengthening authentication and authorization method and device

Publications (2)

Publication Number Publication Date
CN109787988A CN109787988A (en) 2019-05-21
CN109787988B true CN109787988B (en) 2020-01-07

Family

ID=66503725

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910092700.0A Active CN109787988B (en) 2019-01-30 2019-01-30 Identity strengthening authentication and authorization method and device

Country Status (1)

Country Link
CN (1) CN109787988B (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110138568A (en) * 2019-07-02 2019-08-16 云深互联(北京)科技有限公司 Intranet access method and system
CN110611725B (en) * 2019-09-16 2022-06-03 腾讯科技(深圳)有限公司 Node access method, node access device, computer equipment and storage medium
CN110830459A (en) * 2019-10-25 2020-02-21 云深互联(北京)科技有限公司 Stealth security agent access method, gateway terminal, client and equipment
CN111160740A (en) * 2019-12-19 2020-05-15 上海赛可出行科技服务有限公司 Network taxi appointment risk control system and control method
CN111327634B (en) * 2020-03-09 2023-02-03 深信服科技股份有限公司 Website access supervision method, secure socket layer agent device, terminal and system
CN112039857B (en) * 2020-08-14 2022-05-13 苏州浪潮智能科技有限公司 Calling method and device of public basic module
CN112383557B (en) * 2020-11-17 2023-06-20 北京明朝万达科技股份有限公司 Safety access gateway and industrial equipment communication management method
CN112416528B (en) * 2020-12-04 2024-03-22 福建福诺移动通信技术有限公司 Method for realizing non-invasive micro service interface safety call
CN114696999A (en) * 2020-12-26 2022-07-01 西安西电捷通无线网络通信股份有限公司 Identity authentication method and device
CN112994894B (en) * 2021-02-26 2023-12-08 中国工商银行股份有限公司 Gateway-based single-thread request processing method and information verification AGENT
CN113420273A (en) * 2021-06-28 2021-09-21 国网山东省电力公司电力科学研究院 Multi-feature acquisition identity verification method and system based on Internet of things
CN113596004B (en) * 2021-07-22 2023-06-20 支付宝(杭州)信息技术有限公司 Identity authentication method and device in multiparty security calculation
CN114157503A (en) * 2021-12-08 2022-03-08 北京天融信网络安全技术有限公司 Access request authentication method and device, API gateway equipment and storage medium
CN114520735B (en) * 2022-01-18 2023-10-31 福建亿榕信息技术有限公司 User identity authentication method, system and medium based on trusted execution environment
CN114726606B (en) * 2022-03-31 2023-03-24 北京九州恒盛电力科技有限公司 User authentication method, client, gateway and authentication server
CN115442807B (en) * 2022-11-10 2023-02-07 之江实验室 User security improving method and device for 5G system
CN116633690B (en) * 2023-07-24 2023-09-26 北京易核科技有限责任公司 Communication system, method, equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN200962603Y (en) * 2006-07-27 2007-10-17 公安部第三研究所 A trustable boundary security gateway
CN103269343B (en) * 2013-05-21 2017-08-25 福建畅云安鼎信息科技有限公司 Business datum safety control platform
CN104022924A (en) * 2014-07-02 2014-09-03 浪潮电子信息产业股份有限公司 Method for detecting HTTP (hyper text transfer protocol) communication content
CN104468532A (en) * 2014-11-19 2015-03-25 成都卫士通信息安全技术有限公司 Network resource access control method for cross-multistage network boundaries

Also Published As

Publication number Publication date
CN109787988A (en) 2019-05-21

Similar Documents

Publication Publication Date Title
CN109787988B (en) Identity strengthening authentication and authorization method and device
US11831642B2 (en) Systems and methods for endpoint management
CN108684041B (en) System and method for login authentication
CN111147255B (en) Data security service system, method and computer readable storage medium
CN101227468B (en) Method, device and system for authenticating user to network
CN100438421C (en) Method and system for conducting user verification to sub position of network position
US6510523B1 (en) Method and system for providing limited access privileges with an untrusted terminal
US8776214B1 (en) Authentication manager
CN109005155B (en) Identity authentication method and device
KR100621420B1 (en) Network connection system
CN106559408B (en) SDN authentication method based on trust management
JP6963609B2 (en) Transparency Multi-Factor Authentication and Security Initiatives Systems and Methods for Posture Checks
KR101451359B1 (en) User account recovery
CN112671779B (en) DoH server-based domain name query method, device, equipment and medium
CN106161348B (en) Single sign-on method, system and terminal
US9160545B2 (en) Systems and methods for A2A and A2DB security using program authentication factors
CN101321064A (en) Information system access control method and apparatus based on digital certificate technique
CN109688133A (en) It is a kind of based on exempt from account login communication means
CN111800378A (en) Login authentication method, device, system and storage medium
JP2007280393A (en) Device and method for controlling computer login
CN111399980A (en) Safety authentication method, device and system for container organizer
KR20220167366A (en) Cross authentication method and system between online service server and client
Osman et al. Proposed security model for web based applications and services
CN116668190A (en) Cross-domain single sign-on method and system based on browser fingerprint
CN105743883B (en) A kind of the identity attribute acquisition methods and device of network application

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Liu Bo
Inventor after: Huang Han
Inventor after: Ding Jingyan
Inventor before: Huang Han
GR01 Patent grant