CN111177692B - Terminal credibility level evaluation method, device, equipment and storage medium - Google Patents
Terminal credibility level evaluation method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN111177692B CN111177692B CN201911207448.XA CN201911207448A CN111177692B CN 111177692 B CN111177692 B CN 111177692B CN 201911207448 A CN201911207448 A CN 201911207448A CN 111177692 B CN111177692 B CN 111177692B
- Authority
- CN
- China
- Prior art keywords
- terminal
- safety
- determining
- reference factor
- score
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The embodiment of the invention relates to the technical field of network security, in particular to a method, a device, equipment and a storage medium for evaluating the credibility level of a terminal. A terminal credibility level evaluation method comprises the following steps: determining a safety reference factor influencing the safety of the terminal; and the status of the safety reference factor; determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor; calculating a total score according to the score of each safety reference factor contributing to the rating; and determining the corresponding grade according to the total score. The terminal credibility level evaluation method can determine the credibility level of the terminal so as to determine whether the terminal can access the server, and if the terminal does not have enough level, the terminal is determined not to be allowed to access the server, so that the safety is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a method, a device, equipment and a storage medium for evaluating the credibility level of a terminal.
Background
With the rapid development of network technology, the current working mode of people is greatly changed; the office staff may not be spatially limited inside the company, but may contact the company through the terminal through the network in any corner of the world; accessing a server inside a company, and working by using an application inside the company; the terminal can be a mobile phone, a PC, a notebook computer and the like.
In the prior art, the condition of the terminal is not suitable for accessing the server in the enterprise, but the gateway in the enterprise still allows the terminal to be accessed; including the aspect of safety factors, if the terminal carries viruses to access the server, potential safety hazards are brought.
Disclosure of Invention
Therefore, the embodiment of the invention provides a method, a device and equipment for evaluating the credibility level of a terminal, so as to solve the problem of insecurity caused by not rating the terminal in the prior art.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
according to a first aspect of an embodiment of the present invention, a method for evaluating a trust level of a terminal, applied to the terminal, includes:
determining a safety reference factor influencing the safety of the terminal; and the status of the safety reference factor;
determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and determining the corresponding grade according to the total score.
In one embodiment, the safety reference factors include one or more of the following: patches for antivirus software, firewalls, operating systems;
the states of the safety reference factors include: whether antivirus software is installed, whether a firewall is opened, and whether a patch of an operating system is installed.
In one embodiment, the method further comprises:
determining a use reference factor influencing the use of the terminal;
calculating a score corresponding to the use reference factor;
calculating a total score of the secure reference factors and the use reference factors;
and determining the corresponding grade according to the total score.
In one embodiment, the usage reference factors include one or more of the following: whether or not the enterprise specifically requires software to be installed.
In one embodiment, a security reference factor affecting the security of the terminal is determined; and before the status of the safety reference factor, including:
receiving a domain name or an address of a target input by the browser.
In one embodiment, determining the corresponding level according to the total score includes: and sending a data packet carrying the level information to a gateway so that the gateway determines whether the terminal has the authority to access the server according to the level information.
According to a second aspect of the embodiments of the present invention, a terminal trust level evaluation apparatus includes:
the state determining module is used for determining safety reference factors influencing the safety of the terminal; and the status of the safety reference factor;
the score calculation module is used for determining the score of the contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and the level determining module is used for determining the corresponding level according to the total score.
In one embodiment, the state determination module is further configured to:
determining a usage reference factor having an influence on the usage of the terminal;
the score calculating module is also used for calculating the score corresponding to the use reference factor;
calculating a total score of the secure reference factors and the usage reference factors;
the grade determining module is further used for determining the corresponding grade according to the total score.
In one embodiment, the method further comprises: the terminal comprises a receiving module, a judging module and a judging module, wherein the receiving module is used for determining a safety reference factor which influences the safety of the terminal; receiving a domain name or an address of a target input by a browser before the state of the safety reference factor;
in one embodiment, the method further comprises: and the sending module is used for sending a data packet carrying the grade information to a gateway after determining the corresponding grade according to the total score so that the gateway can determine whether the terminal has the authority to access the server according to the grade information.
According to a third aspect of the embodiments of the present invention, a terminal trust level evaluation device includes: at least one processor and at least one memory;
the memory for storing one or more program instructions;
the processor, configured to execute one or more program instructions, is configured to perform the following steps:
determining a safety reference factor influencing the safety of the terminal; and the status of the safety reference factor;
determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and determining the corresponding grade according to the total score.
In one embodiment, the processor is further configured to:
determining a use reference factor influencing the use of the terminal;
calculating a score corresponding to the use reference factor;
calculating a total score of the secure reference factors and the use reference factors;
and determining the corresponding grade according to the total score.
In one embodiment, the processor is further configured to: determining a safety reference factor influencing the safety of the terminal; and receiving the domain name or address of the target input by the browser before the state of the safety reference factor.
In one embodiment, the processor is further configured to: and after determining the corresponding grade according to the total score, sending a data packet carrying the grade information to a gateway so that the gateway determines whether the terminal has the right to access a server according to the grade information.
A method for determining whether a terminal has access right is applied to a gateway, and the method comprises the following steps:
receiving a data packet which is sent by a terminal and carries the grade information of the terminal;
comparing the level of the terminal with a preset standard level;
and if the credibility level of the terminal is lower than the preset standard level, determining that the terminal has no authority to access.
An apparatus for determining whether a terminal has access right, applied to a gateway, the method comprising:
the receiving module is used for receiving a data packet which is sent by the terminal and carries the grade information of the terminal;
the judging module is used for comparing the grade of the terminal with a preset standard grade;
and if the credibility level of the terminal is lower than the preset standard level, determining that the terminal has no authority to access.
The embodiment of the invention has the following advantages: when a terminal browser inputs a domain name or an address which is required to be accessed, determining the credibility level of the terminal and informing a gateway; the gateway can determine whether the terminal has the authority to access the server or not through the level of the terminal, and if the terminal does not have the authority to access the server, the terminal is refused to access the server; thereby improving safety.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, ratios, sizes, and the like shown in the present specification are only used for matching with the contents disclosed in the specification, so that those skilled in the art can understand and read the present invention, and do not limit the conditions for implementing the present invention, so that the present invention has no technical significance, and any structural modifications, changes in the ratio relationship, or adjustments of the sizes, without affecting the functions and purposes of the present invention, should still fall within the scope of the present invention.
Fig. 1 is a schematic view of a scenario in which a terminal accesses a company intranet server according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for evaluating a terminal trust level according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a terminal trust level evaluation apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a terminal trust level evaluation device according to an embodiment of the present invention.
In the figure: 10-a terminal; 11-a gateway; 12-an enterprise server; 31-a state determination module; 32-a score calculation module; 33-level determination module; 41-a processor; 42-memory.
Detailed Description
The present invention is described in terms of particular embodiments, other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure, and it is to be understood that the described embodiments are merely exemplary of the invention and that it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The development of network technology has profoundly changed the working mode of human beings. Mobile office is more and more popular at present; the staff is not limited by time and space factors, referring to a scene schematic diagram of a terminal accessing a company intranet server shown in fig. 1, and a user accesses the server through the terminal; the terminal can be a mobile terminal, including a mobile phone; can be a fixed computer; on the mobile terminal, the mobile terminal can be accessed through a browser and also through an APP. The terminal generally sends a requested knock data packet to a gateway of a company intranet; the data packet carries some information of the terminal; the gateway verifies according to the information, if the verification is passed, the default forbidden port is enabled, so that the terminal can access the server of the intranet through the port, and if the verification is not passed, the port of the gateway keeps the forbidden state, and the terminal cannot access the server. In the prior art, the gateway may not know the credibility level of the terminal, and may cause that for an untrusted terminal, the gateway still makes a situation that the terminal is allowed to access, thereby bringing an unsafe risk factor to the intranet of the company.
Based on this, the present application proposes a terminal trust level evaluation method, see a flow chart of the terminal trust level evaluation method shown in fig. 2; the method comprises the following steps:
step S201, determining a safety reference factor influencing the safety of the terminal; and the status of the safety reference factor;
wherein, the safety reference factors comprise one or more of the following: patches for antivirus software, firewalls, operating systems; the states of the safety reference factors include: whether antivirus software is installed, whether a firewall is opened, and whether a patch of an operating system is installed.
Wherein, whether certain software is installed or not can be determined by inquiring the registry; and whether certain software is running; the smallest patch of the operating system may also be queried; because the operating system will often update patches; if the terminal does not have the latest patch of the operating system installed, the security of the terminal is reduced; the firewall is used for protecting the terminal, and if the firewall of the terminal is not started, the identification security is reduced; if the firewall of the terminal is started, the security is improved; the state of the firewall can be determined by querying the configuration file of the firewall, and the state comprises the following steps: on or off.
Step S202, determining the score of the contribution of each safety reference factor to the rating according to the state of the safety reference factor;
step S203, calculating a total score according to the score of each safety reference factor contributing to the rating;
and step S204, determining the corresponding grade according to the total score.
According to the method, the score of the safety reference factor of the terminal is calculated; determining a corresponding level by using the score; the security of the terminal can be expressed quantitatively or qualitatively; thereby laying the foundation for the gateway to determine whether the terminal has access rights.
In addition to the above-mentioned safety factors, there are also factors for using the reference, and in one embodiment, the method further comprises:
determining a usage reference factor having an influence on the usage of the terminal;
wherein the use reference factors include: whether the software required by the enterprise is installed; wherein, the software can be one or more;
calculating a score corresponding to the use reference factor;
wherein, for example, the score corresponding to the software OA is 10; the score corresponding to the software ERP is 10 points; if both pieces of software are installed, determining that the score corresponding to the use reference factor should be 20; if only one piece of software OA is installed and no ERP is installed, the corresponding score is 10; different scores can be set according to different importance of software; for example, if the employee is a financial staff, the financial software is most important, and the corresponding score of the financial software may be set to 30 points, for example; wherein the financial software may be a friend. The financial software also comprises word and excel; for example, word corresponds to 20 points; excel corresponds to 20 points; while general software, such as OA, is not so important for the financial staff, the setting is for 5 points.
In order to better determine the score corresponding to each piece of software, in one embodiment, the method further comprises:
the method comprises the steps that a plurality of software are used for carrying out priority ranking on the work done by the staff or the importance degree of a department to which the staff belongs;
and setting corresponding scores for each software from high to low according to the software priority.
Setting a corresponding score value to be high for software with high priority; setting a corresponding low score for software with low priority;
calculating the score sum corresponding to all the software which is required by the enterprise and must be installed in the terminal; wherein the score is a score using a reference factor.
Finally, calculating the total score of the safety reference factors and the use reference factors as a final score; and determining the corresponding grade according to the total score.
If the score corresponding to the usage factor is 20 points; the score corresponding to the safety reference factor is 40 points; the sum is 60 minutes; pre-establishing a corresponding relation between the scores and the levels; see table 1 for the correspondence of scores and levels:
TABLE 1
According to the table 1, firstly, determining a score interval where the score of the terminal is located; then determining the level corresponding to the interval from a corresponding relation table; if the score of a certain terminal is 75, determining that the score interval is 71-80; further determining that the grade of the terminal is 3 grade; determining a standard threshold level, such as level 4; the terminal is class 3; less than 4; it is determined that the terminal can access the server.
One way is that whether the terminal has the right to access is directly determined according to the score of the terminal;
comparing the score of the terminal with a preset threshold score, and if the score is smaller than the preset threshold score, determining that the terminal has no authority to access; wherein the threshold score may be 60 points; the setting can be flexibly carried out, and the application is not limited;
the other mode is that whether the terminal has the authority to prevent counterfeiting is determined according to the grade of the terminal; and comparing the level of the terminal with a preset threshold level, and if the level of the terminal is smaller than or larger than the preset threshold level, determining that the terminal has no authority to access. The level of the terminal is less than or greater than the preset threshold level, which may be set according to an actual scene, for example, the level of the terminal is 3 levels; the threshold level is 5, if the threshold level is less than the threshold level, the authorized access is determined; and if the set level of the terminal is 6 levels and is more than 5 levels of the threshold value level, determining that the access is authorized. It can also be directly set to qualitative levels, for example, the levels include: high, medium and low; scores greater than 90 are classified as high; the score is intermediate between 60 and 90; the score is low between 10 and 60. Setting is needed according to the scene of the actual security requirement, for example, if the security requirement is high, only high level can be set to access; intermediate or low level cannot. If the safety requirement is not high, the access can be realized by setting the score to be larger than a preset threshold score; the threshold score can be flexibly set, such as 30.
In order to determine the timing to trigger the execution of steps S201-S204, in one embodiment, a security reference factor is determined that has an impact on the security of the terminal; and the state of the safety reference factor, receiving the domain name or address of the target input by the browser. When the domain name or the address of the server to be accessed, which is input by the user, is input in the address bar of the browser, the actions of the steps S201 to S204 are triggered to be executed.
In one embodiment, after determining the corresponding rank based on the total score, the following steps are taken:
and sending a data packet carrying the level information to a gateway so that the gateway determines whether the terminal has the authority to access the server according to the level information.
The data packet is a knock data packet, because the port in the gateway is in a non-enabled state by default, the terminal can access the server through the port only after the port is changed from the disabled state to the enabled state by the gateway; the knock data packet of the terminal carries the level information of the terminal, for example, the level of the terminal is high, medium or low; if the gateway determines that the terminal level is low; the gateway can directly refuse to open the port; the terminal has no authority to access the server; for the level information in digital form, if the predetermined threshold access level in the gateway is level 5; when the level of the terminal is 4 and is less than 5, the terminal is determined to have the authority to access the server, and the gateway changes the port from the disabled state to the enabled state.
Corresponding to the above method, the present application further provides a device for evaluating a trusted level of a terminal, referring to a schematic structural diagram of the device for evaluating a trusted level of a terminal shown in fig. 3, where the device includes:
a state determination module 31 for determining a security reference factor having an influence on the security of the terminal; and the status of the safety reference factor;
a score calculation module 32 for determining a score of each security reference factor contributing to the rating according to a state of the security reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and a level determining module 33, configured to determine a corresponding level according to the total score.
In one embodiment, the state determination module 31 is further configured to:
determining a usage reference factor having an influence on the usage of the terminal;
the score calculating module 32 is further configured to calculate a score corresponding to the usage reference factor;
calculating a total score of the secure reference factors and the usage reference factors;
the level determining module 33 is further configured to determine a corresponding level according to the total score.
In one embodiment, the method further comprises: the terminal comprises a receiving module, a judging module and a judging module, wherein the receiving module is used for determining a safety reference factor influencing the safety of the terminal; receiving a domain name or an address of a target input by a browser before the state of the safety reference factor;
in one embodiment, the method further comprises: and the sending module is used for sending a data packet carrying the grade information to a gateway after determining the corresponding grade according to the total score so that the gateway can determine whether the terminal has the authority to access the server according to the grade information.
The present application further provides a terminal credibility level assessment device, which refers to the schematic structural diagram of a terminal credibility level assessment device shown in fig. 4; the apparatus comprises: at least one processor 41 and at least one memory 42;
the memory 42 is for storing one or more program instructions;
the processor 41 is configured to execute one or more program instructions to perform the following steps:
determining a safety reference factor influencing the safety of the terminal; and the status of the safety reference factor;
determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and determining the corresponding grade according to the total score.
In one embodiment, the processor 41 is further configured to: determining a usage reference factor having an influence on the usage of the terminal;
calculating a score corresponding to the use reference factor;
calculating a total score of the secure reference factors and the use reference factors;
and determining the corresponding grade according to the total score.
In one embodiment, the processor 41 is further configured to: determining a safety reference factor influencing the safety of the terminal; and receiving the domain name or address of the target input by the browser before the state of the safety reference factor.
In one embodiment, the processor 41 is further configured to: and after determining the corresponding grade according to the total score, sending a data packet carrying the grade information to a gateway so that the gateway determines whether the terminal has the authority to access a server according to the grade information.
The application also provides a method for determining whether the terminal has the right to access, which is applied to a gateway and comprises the following steps:
receiving a data packet which is sent by a terminal and carries the grade information of the terminal;
comparing the level of the terminal with a preset standard level;
and if the credibility level of the terminal is lower than the preset standard level, determining that the terminal has no authority to access.
Wherein the port on the gateway is disabled by default; after the terminal is determined not to have access, the port keeps a forbidden state; the terminal cannot access the server. If it is determined that the level of the terminal can access the server, the gateway changes the disabled port to an enabled state, and the terminal can access the server through the enabled port.
The application also provides a device for determining whether the terminal has the right to access, which is applied to a gateway, and the method comprises the following steps:
the receiving module is used for receiving a data packet which is sent by the terminal and carries the grade information of the terminal;
the judging module is used for comparing the grade of the terminal with a preset standard grade;
and if the credibility level of the terminal is lower than the preset standard level, determining that the terminal has no authority to access.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.
Claims (4)
1. A terminal credibility level evaluation method is applied to a terminal, and comprises the following steps:
determining a safety reference factor influencing the safety of the terminal; and the status of the safety reference factor;
determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor;
determining a usage reference factor having an influence on the usage of the terminal;
calculating a score corresponding to the use reference factor;
calculating a total score of the safety reference factors and the use reference factors;
determining a corresponding grade according to the total score;
the safety reference factors comprise one or more of the following: patches for antivirus software, firewalls, operating systems;
the states of the safety reference factors include: whether antivirus software is installed, whether a firewall is opened, and whether a patch of an operating system is installed;
the usage reference factors include: whether the software required by the enterprise is installed;
determining a safety reference factor influencing the safety of the terminal; and before the status of the safety reference factor, including:
receiving a domain name or an address of a target input by a browser;
after determining the corresponding grade according to the total score, the method comprises the following steps: and sending the data packet carrying the grade to a gateway so that the gateway determines whether the terminal has the authority to access the server according to the grade.
2. An apparatus for evaluating a trust level of a terminal, comprising:
the state determining module is used for determining safety reference factors influencing the safety of the terminal; and the status of the safety reference factor; the state determining module is also used for determining a use reference factor influencing the use of the terminal;
the score calculation module is used for determining the score of the contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score of the safety reference factors and the use reference factors;
the level determining module is used for determining the corresponding level according to the total score;
the safety reference factors comprise one or more of the following: patches for antivirus software, firewalls, operating systems;
the states of the safety reference factors include: whether antivirus software is installed, whether a firewall is opened, and whether a patch of an operating system is installed;
the usage reference factors include: whether the software required to be used by the enterprise is installed;
determining a safety reference factor influencing the safety of the terminal; and before the status of the safety reference factor, including:
receiving a domain name or an address of a target input by a browser;
after determining the corresponding grade according to the total score, the method comprises the following steps: and sending the data packet carrying the grade to a gateway so that the gateway determines whether the terminal has the authority to access the server according to the grade.
3. A terminal trust level evaluation device, comprising: at least one processor and at least one memory;
the memory is to store one or more program instructions;
the processor, configured to execute one or more program instructions, is configured to perform the following steps:
determining a safety reference factor influencing the safety of the terminal; and the status of the safety reference factor;
determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor;
determining a usage reference factor having an influence on the usage of the terminal;
calculating a score corresponding to the use reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
determining a corresponding grade according to the total score;
the safety reference factors comprise one or more of the following: patches for antivirus software, firewalls, operating systems;
the states of the safety reference factors include: whether antivirus software is installed, whether a firewall is opened, and whether a patch of an operating system is installed;
the usage reference factors include: whether the software required to be used by the enterprise is installed;
determining a safety reference factor influencing the safety of the terminal; and before the status of the safety reference factor, including:
receiving a domain name or an address of a target input by a browser;
after determining the corresponding grade according to the total score, the method comprises the following steps: and sending the data packet carrying the grade to a gateway so that the gateway determines whether the terminal has the authority to access the server according to the grade.
4. A computer-readable storage medium having one or more program instructions embodied therein for being executed by the method of claim 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911207448.XA CN111177692B (en) | 2019-11-29 | 2019-11-29 | Terminal credibility level evaluation method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911207448.XA CN111177692B (en) | 2019-11-29 | 2019-11-29 | Terminal credibility level evaluation method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111177692A CN111177692A (en) | 2020-05-19 |
| CN111177692B true CN111177692B (en) | 2022-07-12 |
Family
ID=70656455
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911207448.XA Active CN111177692B (en) | 2019-11-29 | 2019-11-29 | Terminal credibility level evaluation method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111177692B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111917714B (en) * | 2020-06-18 | 2022-11-11 | 云南电网有限责任公司信息中心 | Zero trust architecture system and use method thereof |
| CN114282224B (en) * | 2021-12-23 | 2023-06-23 | 深圳朗驰科技有限公司 | Double-channel rack-mounted server based on trusted architecture |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1744494A (en) * | 2005-09-30 | 2006-03-08 | 广东省电信有限公司研究院 | Access authentication system and method by verifying safety of accessing host |
| CN101616137A (en) * | 2008-06-26 | 2009-12-30 | 中兴通讯股份有限公司 | The system that Host Security cut-in method, partition method and safety insert and isolates |
| WO2011027352A1 (en) * | 2009-09-03 | 2011-03-10 | Mcafee, Inc. | Network access control |
| CN102449633A (en) * | 2009-06-01 | 2012-05-09 | 皇家飞利浦电子股份有限公司 | Dynamic determination of access rights |
| CN103441991A (en) * | 2013-08-12 | 2013-12-11 | 江苏华大天益电力科技有限公司 | Mobile terminal security access platform |
| CN104618395A (en) * | 2015-03-04 | 2015-05-13 | 浪潮集团有限公司 | System and method for dynamic cross-domain access control based on trusted network connection |
| CN104660523A (en) * | 2013-11-25 | 2015-05-27 | 遵义供电局 | Network access control system |
| CN105610839A (en) * | 2015-12-31 | 2016-05-25 | 国网浙江奉化市供电公司 | Controlling method and device for accessing network by terminal |
| CN107332803A (en) * | 2016-04-29 | 2017-11-07 | 北京北信源软件股份有限公司 | A kind of admittance control method and system based on end host safe condition |
| CN107493576A (en) * | 2016-06-12 | 2017-12-19 | 上海连尚网络科技有限公司 | For the method and apparatus for the security information for determining WAP |
| CN109905407A (en) * | 2019-04-03 | 2019-06-18 | 北京奇安信科技有限公司 | Management method, system, equipment and medium based on vpn server access Intranet |
| CN110061987A (en) * | 2019-04-19 | 2019-07-26 | 武汉大学 | A kind of access control method and device of based role and trusted end-user |
-
2019
- 2019-11-29 CN CN201911207448.XA patent/CN111177692B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1744494A (en) * | 2005-09-30 | 2006-03-08 | 广东省电信有限公司研究院 | Access authentication system and method by verifying safety of accessing host |
| CN101616137A (en) * | 2008-06-26 | 2009-12-30 | 中兴通讯股份有限公司 | The system that Host Security cut-in method, partition method and safety insert and isolates |
| CN102449633A (en) * | 2009-06-01 | 2012-05-09 | 皇家飞利浦电子股份有限公司 | Dynamic determination of access rights |
| WO2011027352A1 (en) * | 2009-09-03 | 2011-03-10 | Mcafee, Inc. | Network access control |
| CN103441991A (en) * | 2013-08-12 | 2013-12-11 | 江苏华大天益电力科技有限公司 | Mobile terminal security access platform |
| CN104660523A (en) * | 2013-11-25 | 2015-05-27 | 遵义供电局 | Network access control system |
| CN104618395A (en) * | 2015-03-04 | 2015-05-13 | 浪潮集团有限公司 | System and method for dynamic cross-domain access control based on trusted network connection |
| CN105610839A (en) * | 2015-12-31 | 2016-05-25 | 国网浙江奉化市供电公司 | Controlling method and device for accessing network by terminal |
| CN107332803A (en) * | 2016-04-29 | 2017-11-07 | 北京北信源软件股份有限公司 | A kind of admittance control method and system based on end host safe condition |
| CN107493576A (en) * | 2016-06-12 | 2017-12-19 | 上海连尚网络科技有限公司 | For the method and apparatus for the security information for determining WAP |
| CN109905407A (en) * | 2019-04-03 | 2019-06-18 | 北京奇安信科技有限公司 | Management method, system, equipment and medium based on vpn server access Intranet |
| CN110061987A (en) * | 2019-04-19 | 2019-07-26 | 武汉大学 | A kind of access control method and device of based role and trusted end-user |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111177692A (en) | 2020-05-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104954350B (en) | Account information protection method and system | |
| US7904956B2 (en) | Access authorization with anomaly detection | |
| CN107809433B (en) | Asset management method and device | |
| CN110061987B (en) | Access access control method and device based on role and terminal credibility | |
| US20110162051A1 (en) | Authentication methods | |
| CN111177692B (en) | Terminal credibility level evaluation method, device, equipment and storage medium | |
| CN113536258A (en) | Terminal access control method and device, storage medium and electronic equipment | |
| CN106330958A (en) | Secure accessing method and device | |
| US11914699B2 (en) | Restricting access to application programming interfaces (APIs) | |
| CN106899561B (en) | TNC (network node controller) authority control method and system based on ACL (Access control List) | |
| CN111400723A (en) | TEE extension-based operating system kernel mandatory access control method and system | |
| CN108769070A (en) | One kind is gone beyond one's commission leak detection method and device | |
| CN110837644B (en) | System penetration testing method and device and terminal equipment | |
| CN105141573A (en) | Security protection method and security protection system based on WEB access compliance auditing | |
| KR20090121466A (en) | Apparatus and method for checking personal computer's security | |
| CN111159762B (en) | Subject credibility verification method and system under mandatory access control | |
| CN110881186B (en) | Illegal device identification method and device, electronic device and readable storage medium | |
| US9432357B2 (en) | Computer network security management system and method | |
| CN115080956A (en) | Detection method and system based on violation permission of installed application program of mobile terminal | |
| CN111131166B (en) | User behavior prejudging method and related equipment | |
| CN112351005A (en) | Internet of things communication method and device, readable storage medium and computer equipment | |
| CN115348086B (en) | Attack protection method and device, storage medium and electronic equipment | |
| AU2005209678A1 (en) | Integrated access authorization | |
| CN117254918A (en) | Zero trust dynamic authorization method and device, electronic equipment and readable storage medium | |
| CN113869704A (en) | Risk assessment method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221201 Address after: Room 1106-3, Taihu Science and Technology Industrial Park, No. 18, Longshan South Road, Guangfu Town, Wuzhong District, Suzhou City, Jiangsu Province, 215100 Patentee after: Suzhou Yunzhishen Technology Co.,Ltd. Address before: 100080 809-1, 8 / F, No.9, North Fourth Ring Road West, Haidian District, Beijing Patentee before: CLOUDDEEP INTERNET (BEIJING) TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: Room 1106-3, Taihu Science and Technology Industrial Park, No. 18, Longshan South Road, Guangfu Town, Wuzhong District, Suzhou City, Jiangsu Province, 215100 Patentee after: Suzhou Yunzhishen Technology Co.,Ltd. Address before: Room 1106-3, Taihu Science and Technology Industrial Park, No. 18, Longshan South Road, Guangfu Town, Wuzhong District, Suzhou City, Jiangsu Province, 215100 Patentee before: Suzhou Yunzhishen Technology Co.,Ltd. |