CN110084031B - Method for security authentication of information system account with customizable authentication logic - Google Patents
Method for security authentication of information system account with customizable authentication logic Download PDFInfo
- Publication number
- CN110084031B CN110084031B CN201910335709.XA CN201910335709A CN110084031B CN 110084031 B CN110084031 B CN 110084031B CN 201910335709 A CN201910335709 A CN 201910335709A CN 110084031 B CN110084031 B CN 110084031B
- Authority
- CN
- China
- Prior art keywords
- authentication
- information system
- user
- data source
- account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for safety authentication of an information system account with customizable authentication logic, which comprises the following steps: first step, authentication source verification: when the information system account security authentication platform receives the information of the authentication request of the authentication source client, verifying the authentication source client; secondly, detecting a security baseline of the account: the information system account security authentication platform detects whether a user account password meets the requirements; thirdly, authenticating a data source: the information system account security authentication platform compares whether the corresponding specified data source is matched with the account password information; step four, authentication recording and auditing: in case that the above steps are successfully passed, the information system account security authentication platform will send out an access permission response, which indicates that the user request is authenticated. The invention upgrades the authentication modes of all information systems from a laggard local authentication system to an advanced uniform authentication mode, unifies account information and reduces the security risk of enterprise accounts.
Description
Technical Field
The invention belongs to the technical field of information system security authentication, relates to a method for security authentication of an information system account with customizable authentication logic, and particularly relates to a method for security authentication of an information system account based on customizable authentication logic, which is suitable for large-scale organizations with relatively complex information system architectures.
Background
A plurality of account systems exist in a unified way in the information construction process of large enterprise organizations. Because of various historical reasons, the account systems cannot be uniformly subjected to identity authentication, so that a large number of newly-built information systems are created; wiFi, VPN authentication and the like need to be provided with another independent system account system.
As enterprise organization personnel, account numbers and passwords of each system need to be remembered for work needs. The user is tired of maintaining various account passwords, and obstacles are caused to the quick popularization and application of enterprise informatization, and the island independent account authentication system also buries accident roots for account safety due to the fact that the safety baseline standard is different in height.
Therefore, how to solve the above-mentioned drawbacks of the prior art becomes the direction of the skilled person in this field.
Disclosure of Invention
The invention aims to: the method for the information system account safety authentication with the customizable authentication logic is provided by combining the problems that the user identity database systems of large enterprise institutions are not unified during construction of the unified identity authentication platform, only a local database authentication mode can be used, and the authentication logic is rigid and cannot be self-edited and customized, so that the defects of the prior art can be completely overcome.
The purpose of the invention is realized by the following technical scheme: the information system account security authentication platform comprises an authentication source verification module, an account security baseline detection module, an authentication data source authentication module and an authentication record and audit module.
The information system account security authentication platform is connected with an enterprise information system through a standard authentication protocol, the information system account security authentication platform is connected with an enterprise mailbox user database source through a POP3 protocol, the information system account security authentication platform is connected with an enterprise ERP user database source through an LDAP protocol, and the information system account security authentication platform is connected with a human resource database source through an HTTP protocol. The information system account safety authentication platform can self-edit authentication data sources, such as an enterprise ERP user database source, an enterprise mailbox user database source or an enterprise human resource database source and the like, according to the actual requirements of a user; self-defining account security authentication logic, if the weak password is not authenticated; the authentication mode of all information systems is upgraded from a laggard local authentication system to an advanced unified authentication mode, such as secret encryption without passing authentication for a long time or authentication without passing authentication after multiple times of authentication failure in a short time.
The information system account security authentication method comprises the following steps:
first step, authentication source verification:
when the information system account safety certification platform receives the information of the certification request of the certification source client, the certification source client is verified; firstly, checking whether the IP address of the authentication source client is recorded on a platform, if not, rejecting the authentication request of the client, and if so, further verifying whether the preset shared key submitted by the client is consistent with the platform, and if not, rejecting the authentication request of the client; if yes, entering the next step;
secondly, detecting a security baseline of the account:
the information system account security authentication platform detects whether a user account password meets the requirements; if the user request is not valid, the information system account security authentication platform sends an access refusal response to indicate that the user request is invalid; meanwhile, inserting a text message containing the reason factors of the non-conformity of the security policy into the access rejection response, and displaying the text message to the user through the client; if yes, entering the next step;
thirdly, authenticating a data source:
a user edits an authentication data source strategy according to actual requirements of the user, and the information system account security authentication platform compares the corresponding specified data source with account password information to determine whether the account password information is in accordance; if the user request is not valid, the information system account security authentication platform sends a response of access refusal to indicate that the user request is invalid; meanwhile, inserting a text message containing the reason factor of the non-conformity of the security policy in the access rejection response, and displaying the text message to the user through the client; if yes, entering the next step;
step four, authentication recording and auditing:
under the condition that the steps are successfully passed, the information system account security authentication platform sends out an access permission response to indicate that the user request is authenticated; and calling a local log retention submodule to store the record of the authentication in a local authentication audit database, and calling a remote log retention submodule to push the remote log retention submodule to a log server through a SYSLOG protocol to carry out remote evidence retention.
As one preferable mode, the authentication source verification module comprises an authentication IP source record checking sub-module and a network communication encryption authentication sub-module.
Preferably, the network communication encryption authentication submodule is called to encrypt the communication and start an authentication mechanism in the first communication process, the authentication code is used in the authentication process, and the authentication code is a random number of 16 bytes in the access request data packet.
As one of the preferable modes, the account security baseline detection module is arranged in the information system account security authentication platform system, and comprises: the password locking system comprises a password complexity checking submodule, a password length minimum checking submodule, a password longest service life checking submodule, a forced password history safety checking submodule and an account locking threshold checking submodule.
As one of the preferable modes, the account security baseline detection module further comprises a custom baseline detection submodule; the user calls the custom baseline check submodule according to the actual condition of the user, customizes the account security baseline detection strategy, codes the verification logic according to a custom template function, uploads the result to the system after the verification logic is finished, and the system can be recorded in a security baseline detection strategy library for the user to select.
As one preferable mode, the authentication data source authentication module includes: the system comprises a mail protocol data source sub-module, a remote database data source sub-module, an LDAP data source sub-module and a self-editing data source sub-module; wherein: the mail protocol data source sub-module supports the completion of a user authentication request through a mailbox account data source; the remote database data source submodule is used for a user to interface remote MySQL, SQLServer and Oracle databases; the LDAP data source submodule is used for butting the lightweight directory access protocol data source.
As one of the preferable modes, the self-editing data source submodule is used for a user to encode the data source authentication logic according to a self-defined template function by using a python coding language according to the actual situation of the user, and the encoded data source authentication logic is uploaded to a system platform after the encoding is completed, and the system platform can be recorded into an authentication data source library for the user to select.
Preferably, the authentication recording and auditing module comprises a local log retention submodule and a remote log retention submodule.
As one of the preferable modes, the information system account safety authentication platform is connected with an enterprise information system through a standard authentication protocol, the information system account safety authentication platform is connected with an enterprise mailbox user database source through a POP3 protocol, the information system account safety authentication platform is connected with an enterprise ERP user database source through an LDAP protocol, and the information system account safety authentication platform is connected with a human resource database source through an HTTP protocol.
Compared with the prior art, the invention has the beneficial effects that: according to the method for the information system account safety authentication with customizable authentication logic, the authentication data source, such as an enterprise ERP user database source, an enterprise mailbox user database source or an enterprise human resource database source, is self-edited by an information system account safety authentication platform according to the actual requirements of a user; self-defining account security authentication logic, such as that a weak password is not authenticated, secret is changed for a long time and authentication is not passed, or authentication is not passed after multiple authentication failures in a short time and the like; all information system authentication modes are upgraded from a laggard local authentication system to an advanced unified authentication mode, account information is unified, and enterprise account security risks are reduced.
Drawings
Fig. 1 is a schematic diagram of deployment and use of an information system account security authentication platform according to the present invention.
Fig. 2 is a schematic diagram of an account security authentication platform module of an information system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1 and fig. 2, a method for security authentication of an account of an information system with customizable authentication logic includes an authentication source verification module, an account security baseline detection module, an authentication data source authentication module, and an authentication record and audit module; the information system account security authentication method comprises the following steps:
first step, authentication source verification:
when the information system account security authentication platform receives the information requesting for the authentication request, the information system account security authentication platform calls an authentication IP source record checking sub-module to verify the client side transmitting the information. Firstly, checking whether the IP address of the authentication source client is recorded on the platform, if not, rejecting the authentication request of the client, and then verifying whether the preset shared key submitted by the client is consistent with the platform, if not, rejecting the data packet.
In the first communication process, a network communication encryption and authentication sub-module is called to encrypt communication and start an authentication mechanism, so that data is prevented from being tampered by a third party in the network transmission process, an authentication code is used in the authentication process, and in an Access-Request (Access-Request) data packet, the authentication code is a random number of 16 bytes, which is called a Request authentication code. This value should be unpredictable and unique throughout the life cycle of the authentication process, as having repeated request values of the same password gives the hacker the opportunity to reply to the user with an intercepted response. Because the same secret can be used in the verification of servers in different geographic regions, the request authentication domain should have temporary uniqueness. In order to prevent the data in the data packet from being intercepted and tampered, the response authentication code is generated in the following way: responseAuth = MD5 (Code + ID + Length + RequestAuth + Attributes + Secret). The response discrimination code is a 16-byte index generated by performing MD5 operation on the whole data packet, and prevents the response of the server from being forged.
During transmission, the Password is hidden, firstly, the authentication client fills the Password with null (0 x 00) to be an integral multiple of 16 bytes long, then MD5 encryption is carried out on a byte stream which is added with a shared key after a request authentication word to generate a hash value, the hash value and the first 16 bytes of the Password are subjected to XOR, and then the result is put into the first 16 bytes of a User-Password attribute. If the cipher length exceeds 16 characters, then MD5 encrypting the byte stream with the first XOR value and the shared key to generate a hash value. The hash value is xored with the second 16 bytes of the cipher and the xor value is then placed in the second 16 bytes of the User-Password attribute. This operation is repeated, if necessary, and each xor value is followed by the shared key to generate the next hash value, which is then xored with the 16 bytes of the next segment of the cipher. The password cannot exceed 128 characters at the longest.
For example: the shared secret is S, the request authentication code is RA, the password is split into 16-byte blocks p1, p2, and so on.
The last block is filled with null (/ 0) 16 bytes, the cipher blocks are c (1), c (2), and so on. The median values are b1, b2, etc.
b1=MD5(S+RA)c(1)=p1 xor b1
b2=MD5(S+c(1))c(2)=p2 xor b2
……
bi=MD5(S+c(i-1))c(i)=pi xor bi
The User-passed attribute string is c (1) + c (2) +.. C (i), + represents a connection.
If any of the above conditions is not satisfied, the information system account security authentication platform will issue an Access-Reject (Access-Reject) response, which indicates that the user request is invalid. If required, the information system account security authentication platform can include a text message in the access rejection response, and the text message can be displayed to the user through the client.
Secondly, detecting a security baseline of the account:
the user can define an account security baseline policy according to the actual requirements of the user, the information system account security authentication platform can detect whether the user account password meets the policy requirements from top to bottom in sequence, and if the user account password does not meet the policy requirements, the information system account security authentication platform can send an Access-Reject (Access-Reject) response to indicate that the user request is invalid. And simultaneously, inserting a text message containing the reason factor of the non-conformity of the security policy into the access rejection response, wherein the text message can be displayed to the user through the client.
An account security authentication platform of an information system embeds an account security baseline which is common in the industry into the system, and the embedded sub-modules are as follows:
meanwhile, the user can call the user-defined account safety baseline detection strategy of the user-defined baseline check submodule according to the actual condition of the user, the verification logic is coded by using a python coding language according to the user-defined template function, and the verification logic is uploaded to the system after being coded, and the system can be recorded into a safety baseline detection strategy library for the user to select.
Thirdly, authenticating a data source:
the user can edit the authentication data source strategy according to the actual requirement of the user, the information system account security authentication platform can compare whether the account password information is in accordance with the corresponding specified data source, if not, the information system account security authentication platform can send an Access-Reject response to indicate that the user request is invalid. And simultaneously, inserting a text message containing the reason factor of the non-conformity of the security policy into the access rejection response, wherein the text message can be displayed to the user through the client.
The information system is internally provided with an receiving protocol supported by an industrial mailbox, recompilation is carried out on the protocol, the user account authentication logic is extracted, a mail protocol data source submodule is formed, and the completion of a user authentication request through a mailbox account data source is supported.
The mail receiving command consists of a command and some parameters. All commands end with one CRLF pair. Commands and parameters consist of printable ASCII characters with a space between them. Commands are typically three to four letters, but each parameter can be up to 40 characters long.
The mail in response consists of a status code and a command possibly followed by additional information. All responses are also terminated by CRLF pairs, now with two status codes, "OK" ("+ OK") and "fail" ("-ERR").
Initially, the information system account security authentication platform establishes a TCP connection with the mail server host.
After the connection is established, the mail server host sends an acknowledgement message as follows:
S:+OK POP3 server ready
the message indicates that the mail server is ready to receive account password information of the information system account security authentication platform. At this time, the information system account security authentication platform firstly sends a USER command, and if the mail server responds with a 'confirmation' status code, the information system account security authentication platform can send a PASS command to complete confirmation or send a QUIT command to terminate the mail authentication session. If the POP3 server returns a 'failure' status code, the information system account security authentication platform can send a confirmation command or send a QUIT command.
The information system account security authentication platform and the mail server exchange commands and responses with each other, and the process is continued until the connection is terminated after the authentication is completed.
Meanwhile, the system is internally provided with a remote database data source submodule for user to interface remote MySQL, SQLServer and Oracle databases; the built-in LDAP data source submodule is used for butting the lightweight directory access protocol data source. Meanwhile, a user can call a self-editing data source submodule to customize a data source authentication strategy according to the actual situation of the user, data source authentication logic is encoded by using a python encoding language according to a customized template function, the data source authentication logic is uploaded to a system after the data source authentication logic is completed, and the system can be recorded into an authentication data source library for the user to select.
Step four, authentication recording and auditing:
in case that the above steps are successfully passed, the information system account security authentication platform will send an Access-Accept response, which indicates that the user request is authenticated. And calling the local log retention sub-module to store the record of the authentication in a local authentication audit database, and calling the remote log retention sub-module to push the record to a log server through a SYSLOG protocol to carry out remote evidence retention.
The above description is intended to be illustrative of the preferred embodiment of the present invention and should not be taken as limiting the invention, but rather, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
Claims (6)
1. A method for security authentication of an information system account with customizable authentication logic comprises an information system account security authentication platform, and is characterized in that: the information system account security authentication platform comprises an authentication source verification module, an account security baseline detection module, an authentication data source authentication module and an authentication record and audit module; the information system account security authentication method comprises the following steps:
first step, authentication source verification:
when the information system account security authentication platform receives the information of the authentication request of the authentication source client, verifying the authentication source client; firstly, checking whether the IP address of the authentication source client is recorded on a platform, if not, rejecting the authentication request of the client, and if so, further verifying whether the preset shared key submitted by the client is consistent with the platform, and if not, rejecting the authentication request of the client; if yes, entering the next step;
secondly, detecting a security baseline of the account:
the information system account security authentication platform detects whether a user account password meets the requirements; if the user request is not valid, the information system account security authentication platform sends an access refusal response to indicate that the user request is invalid; meanwhile, inserting a text message containing the reason factors of the non-conformity of the security policy into the access rejection response, and displaying the text message to the user through the client; if yes, entering the next step;
thirdly, authenticating a data source:
a user edits an authentication data source strategy according to actual requirements of the user, and the information system account security authentication platform compares a corresponding specified data source with account password information to determine whether the account password information is in accordance with the data source; if the user request is not valid, the information system account security authentication platform sends an access refusal response to indicate that the user request is invalid; meanwhile, inserting a text message containing the reason factors of the non-conformity of the security policy in the access rejection response, and displaying the text message to the user through the client; if yes, entering the next step;
step four, authentication recording and auditing:
under the condition that the steps are successfully passed, the information system account security authentication platform sends out an access permission response to indicate that the user request is authenticated; calling a local log retention submodule to store the record of the authentication in a local authentication audit database, and calling a remote log retention submodule to push the remote log retention submodule to a log server through a SYSLOG protocol to retain the remote evidence;
the authentication source verification module comprises an authentication IP source record checking sub-module and a network communication encryption identification sub-module; in the first communication process, a network communication encryption authentication submodule is called to encrypt communication and start an authentication mechanism, an authentication code is used in the authentication process, and in an access request data packet, the authentication code is a random number of 16 bytes;
wherein: the account security baseline detection module is arranged in an information system account security authentication platform system and comprises: the password locking system comprises a password complexity checking submodule, a password length minimum checking submodule, a password longest service life checking submodule, a forced password history safety checking submodule and an account locking threshold checking submodule.
2. The method for security authentication of the information system account with the customizable authentication logic according to claim 1, wherein the method comprises the following steps: the account security baseline detection module also comprises a custom baseline detection submodule; the user calls the custom baseline check submodule according to the actual condition of the user, customizes the account security baseline detection strategy, codes the verification logic according to a custom template function, uploads the result to the system after the verification logic is finished, and the system can be recorded in a security baseline detection strategy library for the user to select.
3. The method for security authentication of the information system account with the customizable authentication logic according to claim 1, wherein the method comprises the following steps: the authentication data source authentication module includes: the system comprises a mail protocol data source submodule, a remote database data source submodule, an LDAP data source submodule and a self-editing data source submodule; wherein:
the mail protocol data source submodule supports that a user authentication request is completed through a mailbox account data source;
the remote database data source submodule is used for a user to interface remote MySQL, SQLServer and Oracle databases;
the LDAP data source submodule is used for interfacing with a lightweight directory access protocol data source.
4. The method for security authentication of the information system account with the customizable authentication logic according to claim 3, wherein the method comprises the following steps: and the self-editing data source submodule is used for encoding the data source authentication logic by using a python coding language according to a self-defined template function by a user according to the actual condition of the user, and uploading the encoded data source authentication logic to the system platform after the encoding is finished, and the system platform can be recorded into the authentication data source library for the user to select.
5. The method for security authentication of the information system account with the customizable authentication logic according to claim 1, wherein the method comprises the following steps: the authentication recording and auditing module comprises a local log retention sub-module and a remote log retention sub-module.
6. The method for the secure authentication of the information system account with the customizable authentication logic according to claim 1, characterized in that: the information system account security authentication platform is connected with an enterprise information system through a standard authentication protocol, the information system account security authentication platform is connected with an enterprise mailbox user database source through a POP3 protocol, the information system account security authentication platform is connected with an enterprise ERP user database source through an LDAP protocol, and the information system account security authentication platform is connected with a human resource database source through an HTTP protocol.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910335709.XA CN110084031B (en) | 2019-04-24 | 2019-04-24 | Method for security authentication of information system account with customizable authentication logic |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910335709.XA CN110084031B (en) | 2019-04-24 | 2019-04-24 | Method for security authentication of information system account with customizable authentication logic |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110084031A CN110084031A (en) | 2019-08-02 |
| CN110084031B true CN110084031B (en) | 2022-10-14 |
Family
ID=67416511
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910335709.XA Active CN110084031B (en) | 2019-04-24 | 2019-04-24 | Method for security authentication of information system account with customizable authentication logic |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110084031B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112532609B (en) * | 2020-11-24 | 2022-08-02 | 广州华资软件技术有限公司 | Unified identity authentication method supporting access of multiple authentication sources |
| CN114640493A (en) * | 2020-12-16 | 2022-06-17 | 网神信息技术(北京)股份有限公司 | Login control method and device, electronic equipment and storage medium |
| CN113221081A (en) * | 2021-05-25 | 2021-08-06 | 南方电网电力科技股份有限公司 | Double-factor identity authentication method and related device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103957106A (en) * | 2014-03-14 | 2014-07-30 | 韩素平 | User-defined two-way dynamic safety certification system |
| CN104539600A (en) * | 2014-12-22 | 2015-04-22 | 北京卓越信通电子股份有限公司 | Industrial control firewall implementing method for supporting filtering IEC 104 protocol |
| CN106202428A (en) * | 2016-07-13 | 2016-12-07 | 浪潮电子信息产业股份有限公司 | Management method and system for user-defined script type baseline project |
| CN106330972A (en) * | 2016-10-27 | 2017-01-11 | 成都知道创宇信息技术有限公司 | Method for protecting website password of user |
| CN109639730A (en) * | 2019-01-21 | 2019-04-16 | 北京工业大学 | Information system data interface authentication method under HTTP stateless protocol based on token |
-
2019
- 2019-04-24 CN CN201910335709.XA patent/CN110084031B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103957106A (en) * | 2014-03-14 | 2014-07-30 | 韩素平 | User-defined two-way dynamic safety certification system |
| CN104539600A (en) * | 2014-12-22 | 2015-04-22 | 北京卓越信通电子股份有限公司 | Industrial control firewall implementing method for supporting filtering IEC 104 protocol |
| CN106202428A (en) * | 2016-07-13 | 2016-12-07 | 浪潮电子信息产业股份有限公司 | Management method and system for user-defined script type baseline project |
| CN106330972A (en) * | 2016-10-27 | 2017-01-11 | 成都知道创宇信息技术有限公司 | Method for protecting website password of user |
| CN109639730A (en) * | 2019-01-21 | 2019-04-16 | 北京工业大学 | Information system data interface authentication method under HTTP stateless protocol based on token |
Non-Patent Citations (6)
| Title |
|---|
| Benchmarking user-defined security configuration of mobile devices;Daniel Vecchiato;《2016 Seventh Latin-American Symposium on Dependable Computing》;20161215;第172-175页 * |
| 一种支持流数据的查询语言;涂金德;《计算机系统应用》;20100315(第03期);第105-108页 * |
| 互联网自治域间IP源地址验证技术综述;个实离;《https://www.cnblogs.com.beyond_dxb/p/8295342.html》;20180118;全文 * |
| 使用Apache Shiro进行身份认证-多数据源认证;iteye_16284;《https://blog.csdn.net/iteye_16284/article/details/82357478》;20120618;全文 * |
| 工业控制系统的安全技术与应用研究综述;锁延锋;《计算机科学》;20180430;第45卷(第4期);第25-33页 * |
| 阿里云安全基线_记录如下_不定时更新;Qtong;《https://cnblogs.com/qtong/p/9672900.html》;20180919;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110084031A (en) | 2019-08-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101742499B (en) | Account number protection system for mobile communication equipment terminal and application method thereof | |
| CN105516195B (en) | A kind of security certification system and its authentication method based on application platform login | |
| CN110084031B (en) | Method for security authentication of information system account with customizable authentication logic | |
| CN102281138B (en) | Method and system for improving safety of verification code | |
| CN110990827A (en) | Identity information verification method, server and storage medium | |
| CN108965222B (en) | Identity authentication method, system and computer readable storage medium | |
| CN106453361B (en) | A kind of security protection method and system of the network information | |
| US10147092B2 (en) | System and method for signing and authenticating secure transactions through a communications network | |
| CN101257489A (en) | Method for protecting account number safety | |
| CN1832401A (en) | Method for protecting safety of account number cipher | |
| CN111131301A (en) | Unified authentication and authorization scheme | |
| CN102868702B (en) | System login device and system login method | |
| CN103853950A (en) | Authentication method based on mobile terminal and mobile terminal | |
| CN103795724A (en) | Method for protecting account security based on asynchronous dynamic password technology | |
| CN111327629B (en) | Identity verification method, client and server | |
| CN101582768A (en) | Login authentication method in electronic advertisement system and system | |
| CN104125230B (en) | A kind of short message certification service system and authentication method | |
| CN102761557A (en) | Terminal device authentication method and device | |
| CN110889697A (en) | Block chain-based railway system and using method thereof | |
| CN109462572B (en) | Multi-factor authentication method, system, storage medium and security gateway based on encryption card and UsbKey | |
| CN109829722A (en) | A kind of user identity real name identification method of electronic fare payment system | |
| US20140250499A1 (en) | Password based security method, systems and devices | |
| KR101996317B1 (en) | Block chain based user authentication system using authentication variable and method thereof | |
| CN113852628A (en) | Decentralized single sign-on method, decentralized single sign-on device and storage medium | |
| CN106452845B (en) | A kind of implementation method unlocked online and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |