CN111935095A - Source code leakage monitoring method and device and computer storage medium - Google Patents
Source code leakage monitoring method and device and computer storage medium Download PDFInfo
- Publication number
- CN111935095A CN111935095A CN202010678154.1A CN202010678154A CN111935095A CN 111935095 A CN111935095 A CN 111935095A CN 202010678154 A CN202010678154 A CN 202010678154A CN 111935095 A CN111935095 A CN 111935095A
- Authority
- CN
- China
- Prior art keywords
- access
- malicious
- user
- address
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 238000012544 monitoring process Methods 0.000 title claims abstract description 19
- 238000012795 verification Methods 0.000 claims abstract description 20
- 238000013475 authorization Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 abstract description 8
- 238000001514 detection method Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 10
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000012806 monitoring device Methods 0.000 description 2
- 230000002035 prolonged effect Effects 0.000 description 2
- 206010000117 Abnormal behaviour Diseases 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000006854 communication Effects 0.000 description 1
- 230000009193 crawling Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a source code leakage monitoring method, which comprises the following steps: carrying out identity authentication on a user, carrying out authority identification on the user passing the identity authentication, and determining whether to allow login; analyzing an access request of a logged-in user, and judging whether an IP address corresponding to the access request is a malicious access address or not according to a preset malicious judgment rule; and outputting prompt information to the malicious access address, and prolonging the waiting time of an access request process initiated by the malicious access address. The application also discloses source code leakage monitoring, which comprises a verification identification module, a malicious access judgment module and a malicious access control module. The method and the device can strictly protect the source code through multiple verification on one hand, can detect through malicious access rules on the other hand, adjust the hysteresis of malicious access avoidance processing measures according to the detection result, and improve the safety of the source code protection measures.
Description
Technical Field
The invention relates to computer network information security protection, in particular to a source code leakage monitoring method and device and a computer storage medium.
Background
During the development of software, the computers in the local area network in which the software development environment resides communicate with each other as needed for their operation.
At present, in order to prevent the source code from leaking in the communication process, a common computer access control technology may be adopted, for example, IP and MAC address binding is performed on a router, a firewall or a switch, and only a computer added in a binding table can surf the internet; the computer inter-access technology in the local area network is controlled by the VLAN technology, computers in the local area network are divided into different network segments, machines in different network segments cannot access each other, and if the computers need to access each other in different network segments, an access strategy needs to be set on a switch. Although this approach allows inter-computer access, it is inconvenient to manage. In addition, the source code can be protected by encrypting, and after the source code is encrypted, decryption is needed during use, so that a processing program is increased, and the use is inconvenient.
In addition, in the prior art, after a source code is usually obtained in a leakage risk access operation, a log audit system alarm is received, the type of software is controlled manually according to a code version used by a website developer, access request characteristics recorded in an access log are analyzed, and the reason and the influence range of source code leakage are determined. The method has serious hysteresis, cannot avoid leakage of website source codes, and has large safety risk of website servers and user data.
Disclosure of Invention
The purpose of the invention is as follows: the application aims to provide a source code leakage monitoring method, a source code leakage monitoring device and a computer storage medium, and overcomes the defects that the existing source code leakage monitoring method is lagged in processing and high in data security risk.
The technical scheme is as follows: one aspect of the application discloses a source code leakage monitoring method, which includes:
carrying out identity authentication on a user, carrying out authority identification on the user passing the identity authentication, and determining whether to allow login;
analyzing an access request of a logged-in user, and judging whether an IP address corresponding to the access request is a malicious access address or not according to a preset malicious judgment rule;
and outputting prompt information to the malicious access address, and prolonging the waiting time of an access request process initiated by the malicious access address.
Further, identity authentication is carried out by adopting a PKI-based UKey identity authentication system, the identity authentication system comprises a client and a server connected with the client, registered user information and corresponding access authority are stored in the server, and the registered user information and the corresponding authority information are stored in an LDAP directory mode; the server comprises an identity authentication unit and a permission identification unit.
Further, authenticating the user comprises:
the client sends an identity authentication request to an identity authentication unit through a UKey containing a digital certificate and a private key;
responding to the identity authentication request, and feeding back a temporary random number to the client by the authentication unit;
the client receives a PIN code input by a user, and if the PIN code is wrong, the identity authentication is quitted; if the PIN code is correct:
encrypting the temporary random number and the identity information contained in the digital certificate by using the UKey, carrying out digital signature, and sending a signature result to a verification unit;
the verification unit verifies the validity of the digital certificate and verifies the digital signature information and the user information according to the registered user information, if any one of the three fails in verification, the authentication fails, and the authentication failure credential is fed back to the client and the authentication is exited; if the three are successfully verified, the identity verification is successful, and the authentication data of the successful identity verification is respectively sent to the client and the authority identification unit.
Further, the authority identification of the user passing the identity authentication comprises the following steps:
according to the received successful authentication credentials of the identity authentication, the authority identification unit acquires a user unique identifier DN from the corresponding digital certificate;
searching the LDAP directory according to the unique identifier DN, if the corresponding user is not inquired, feeding back a permission identification failure result to the client, and quitting the permission identification; and if the corresponding user is inquired, feeding back an authorization result to the client, and allowing the user to log in.
Further, the preset malicious decision rule includes:
judging whether the access request is a risk access request or not according to predefined source code leakage characteristics;
counting the times of risk access requests initiated by the same IP address within a preset time length;
and if the frequency of the risk access requests exceeds a preset risk frequency threshold value, judging the corresponding IP address as a malicious access address, and distributing a malicious access identifier to the IP address.
Further, the source code leakage characteristics comprise that the access requests exceed the authorization range and the interval time of the access requests is equal.
Further, the prompting information output of the malicious access address comprises the step of sending prompting information to an administrator through the mobile terminal or the source code monitoring terminal.
Further, the following method can be selected to prolong the waiting time of the access request process initiated by the malicious access address:
an access request process initiated by a malicious access address is executed after the access request process is suspended for a preset waiting time;
and reducing the priority of the access request initiated by the malicious access address by a preset grade number.
This application another aspect discloses a source code reveals monitoring device, includes:
the authentication identification module is configured to authenticate the user, identify the authority of the user passing the authentication and determine whether to allow login;
the malicious access judging module is configured to analyze an access request of a logged-in user and judge whether an IP address corresponding to the access request is a malicious access address or not according to a preset malicious judging rule;
and the malicious access control module is configured to prompt and output the malicious access address and prolong the waiting time of an access request process initiated by the malicious access address.
The application also discloses a computer readable storage medium, which contains computer executable instructions, and the executable instructions are used for realizing the source code leakage monitoring method when being executed.
Has the advantages that: compared with the prior art, the method and the device have the advantages that the user identity and the access right are subjected to multiple verification, centralized right management is provided, and the access safety is improved. In addition, the access request is detected to be malicious access, and then the detection result is utilized to accurately and timely find the malicious request in the access request, timely output prompt information and suspend access, so that a website administrator is prevented from responding to the malicious request by a website server, and the data security is improved.
Drawings
FIG. 1 is a flow chart of a source code leakage monitoring method of the present application;
FIG. 2 is a block diagram of an identity verification system as used herein;
fig. 3 is a block diagram of a source code leakage monitoring apparatus according to the present application.
Detailed Description
The invention is further described below with reference to the following figures and examples:
one aspect of the present application discloses a source code leakage monitoring method, as shown in fig. 1, including:
s101, the user is authenticated, the authority of the user passing the authentication is identified, and whether login is allowed or not is determined.
Specifically, in this embodiment, a PKI-based UKey authentication system is used for authentication, as shown in fig. 2, the authentication system includes a client 201 and a server 202 connected to the client, registered user information and corresponding access rights are stored in the server, and the registered user information and corresponding rights information are stored in an LDAP directory; the server includes an authentication unit 2021 and a rights identification unit 2022.
Wherein, the authentication of the user comprises:
firstly, a client 201 sends an authentication request to an authentication unit through a UKey containing a digital certificate and a private key;
responding to the identity authentication request, and feeding back a temporary random number to the client by the authentication unit;
thirdly, in order to strengthen the authentication of the user, the user needs to input a PIN code at the client, the client receives the PIN code input by the user, and if the PIN code is wrong, the authentication is quitted; if the PIN code is correct:
encrypting the temporary random number and the identity information contained in the digital certificate by using the UKey, carrying out digital signature, and sending a signature result to a verification unit;
the verification unit verifies the validity of the digital certificate, verifies the digital signature information and the user information according to the registered user information, if any one of the verification fails, the authentication fails, feeds back authentication failure credentials to the client and quits the authentication; if the three are successfully verified, the identity verification is successful, and the authentication data of the successful identity verification is respectively sent to the client and the authority identification unit.
The authority identification unit carries out authority identification on the user passing the identity authentication, and the authority identification unit comprises the following steps:
firstly, according to the received successful authentication proof, the authority identification unit acquires a user unique identifier DN from a corresponding digital certificate;
retrieving the LDAP directory according to the unique identifier DN, if the corresponding user is not inquired, feeding back a permission identification failure result to the client, and quitting the permission identification; and if the corresponding user is inquired, feeding back an authorization result to the client, and allowing the user to log in. The authorization result includes whether the user has the right to access and the specific scope of the access right authorized to access.
The user can know whether the authority verification passes through the client, and for the user passing the authority verification, the user needs to input an account and a password through the client to log in, and the user can access the user after the login is successful. The account and the password are set here, so that the access security of the source code data is further ensured.
In other embodiments of the present application, in consideration of the amount of data involved in system operation, an authentication server and an authority identification server may be respectively disposed at the server side to process authentication and authority identification of the user.
S102, the access request of the logged-in user is analyzed, and whether the IP address corresponding to the access request is a malicious access address or not is judged according to a preset malicious judgment rule.
Specifically, in this embodiment, the preset malicious decision rule includes:
judging whether the access request is a risk access request or not according to the predefined source code leakage characteristics. In particular embodiments, the source code leakage characteristic may be set to include that the access request is out of the authorized range, and the interval time of the access request is equal. The behavior characteristics of abnormal behaviors such as out-of-limit access, crawler crawling and the like are mainly concerned.
And secondly, counting the times of risk access requests initiated by the same IP address within a preset time length.
And thirdly, if the number of the risk access requests exceeds a preset risk number threshold, judging the corresponding IP address as a malicious access address, distributing a malicious access identifier to the IP address, and identifying access requests subsequently sent by the IP address through the malicious access identifier.
S103, prompt information is output to the malicious access address, and the waiting time of an access request process initiated by the malicious access address is prolonged.
In the embodiment, the prompt information output is mainly used for prompting a website administrator to process malicious access in time, and an information prompt can be sent to the website administrator through the mobile terminal; in other embodiments of the present application, the reminding can be performed by sending a prompt message to the PC of the administrator, or both of the two prompt modes can be used.
In order to avoid the hysteresis of the administrator processing, a certain time is strived for the subsequent processing, and the waiting time of an access request process initiated by a malicious access address is prolonged while the prompt information is sent.
Specifically, the access request process initiated by the malicious access address can be executed after the access request process is suspended for a preset waiting time, that is, the waiting time t is preset according to the requirement, and when the access request initiated by the malicious access address is identified, the access request process is executed after the access request is suspended for the time t.
Optionally, the priority of an access request initiated by a malicious access address is reduced by a preset level number n (n is a positive integer); that is, when an access request initiated by a malicious access address is identified, the access request is reduced by n or no less than n priorities from the current priority.
Optionally, in another embodiment of the present application, after the n + process is set, an access request initiated by a malicious access address may be executed, or the access request may be placed at the end of the process list.
Another aspect of the present application discloses a source code leakage monitoring apparatus, as shown in fig. 3, including:
a verification identification module 301 configured to perform authentication on a user, perform authority identification on the user who passes the authentication, and determine whether to allow login;
a malicious access determination module 302 configured to analyze an access request of a logged-in user, and determine whether an IP address corresponding to the access request is a malicious access address according to a preset malicious determination rule;
and the malicious access control module 303 is configured to prompt and output the malicious access address, and prolong the waiting time of an access request process initiated by the malicious access address.
The application also discloses a computer readable storage medium, which contains computer executable instructions, and the executable instructions are used for realizing the source code leakage monitoring method when being executed.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Claims (10)
1. A source code leakage monitoring method is characterized by comprising the following steps:
carrying out identity authentication on a user, carrying out authority identification on the user passing the identity authentication, and determining whether to allow login;
analyzing an access request of a logged-in user, and judging whether an IP address corresponding to the access request is a malicious access address or not according to a preset malicious judgment rule;
and outputting prompt information to the malicious access address, and prolonging the waiting time of an access request process initiated by the malicious access address.
2. The method according to claim 1, characterized in that a PKI-based UKey authentication system is used for authentication, the authentication system comprises a client and a server connected with the client, registered user information and corresponding access rights are stored in the server, and the registered user information and the corresponding rights information are stored in an LDAP directory; the server comprises an identity authentication unit and a permission identification unit.
3. The method of claim 2, wherein authenticating the user comprises:
the client sends an identity authentication request to the identity authentication unit through a UKey containing a digital certificate and a private key;
responding to the identity authentication request, and feeding back a temporary random number to the client by the authentication unit;
the client receives a PIN code input by a user, and if the PIN code is wrong, the identity authentication is quitted; if the PIN code is correct:
encrypting the temporary random number and the identity information contained in the digital certificate by using the UKey, performing digital signature, and sending a signature result to the verification unit;
the verification unit verifies the validity of the digital certificate and verifies the digital signature information and the user information according to the registered user information, if any one of the three fails in verification, the authentication fails, and identity authentication failure credentials are fed back to the client and the authentication is exited; if the three are successfully verified, the authentication is successful, and authentication successful credentials are respectively sent to the client and the authority identification unit.
4. The method of claim 3, wherein the performing rights identification for the authenticated user comprises:
according to the received successful authentication credentials of the identity authentication, the authority identification unit acquires a user unique identifier DN from a corresponding digital certificate;
retrieving the LDAP directory according to the unique identifier DN, if a corresponding user is not inquired, feeding back a permission identification failure result to the client, and quitting permission identification; and if the corresponding user is inquired, feeding back an authorization result to the client, and allowing the user to log in.
5. The method according to claim 1, wherein the preset malicious decision rule comprises:
judging whether the access request is a risk access request or not according to predefined source code leakage characteristics;
counting the times of risk access requests initiated by the same IP address within a preset time length;
and if the frequency of the risk access request exceeds a preset risk frequency threshold value, judging the corresponding IP address as a malicious access address, and distributing a malicious access identifier to the IP address.
6. The method of claim 5, wherein the source code leakage characteristics comprise that the access requests are out of authorization range and the interval time of the access requests is equal.
7. The method of claim 1, wherein outputting the hint information for the malicious access address comprises sending a hint information to an administrator via a mobile terminal or a source code monitoring terminal.
8. The method of claim 1, wherein the extending the latency of the access request process initiated by the malicious access address is selected from the following:
the access request process initiated by the malicious access address is executed after the operation is suspended for a preset waiting time;
and reducing the priority of the access request initiated by the malicious access address by a preset grade number.
9. A source code leakage monitoring apparatus, comprising:
the authentication identification module is configured to authenticate the user, identify the authority of the user passing the authentication and determine whether to allow login;
the malicious access judging module is configured to analyze an access request of a logged-in user and judge whether an IP address corresponding to the access request is a malicious access address or not according to a preset malicious judging rule;
and the malicious access control module is configured to prompt and output the malicious access address and prolong the waiting time of an access request process initiated by the malicious access address.
10. A computer-readable storage medium containing computer-executable instructions which, when executed, implement the source code leakage monitoring method of any one of claims 1-8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010678154.1A CN111935095A (en) | 2020-07-15 | 2020-07-15 | Source code leakage monitoring method and device and computer storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010678154.1A CN111935095A (en) | 2020-07-15 | 2020-07-15 | Source code leakage monitoring method and device and computer storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111935095A true CN111935095A (en) | 2020-11-13 |
Family
ID=73312392
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010678154.1A Pending CN111935095A (en) | 2020-07-15 | 2020-07-15 | Source code leakage monitoring method and device and computer storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111935095A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112380503A (en) * | 2021-01-14 | 2021-02-19 | 北京东方通软件有限公司 | Method for protecting core program and memory |
CN112380556A (en) * | 2020-11-30 | 2021-02-19 | 南京云悦欣自动化工程有限公司 | Account authority management distribution method |
CN114697063A (en) * | 2020-12-30 | 2022-07-01 | 北京国双科技有限公司 | Security authentication method and device, electronic equipment and storage medium |
CN115208616A (en) * | 2022-05-20 | 2022-10-18 | 深圳铸泰科技有限公司 | Internet of things safety monitoring method and system based on double engines |
CN115730339A (en) * | 2023-01-26 | 2023-03-03 | 深圳海云安网络安全技术有限公司 | Method and system for protecting plug-in code and preventing leakage based on IDE source code |
CN117857221A (en) * | 2024-03-07 | 2024-04-09 | 北京谷器数据科技有限公司 | Authority management method and system for remote service platform |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350822A (en) * | 2008-09-08 | 2009-01-21 | 南开大学 | Method for discovering and tracing Internet malevolence code |
TW201141153A (en) * | 2010-05-10 | 2011-11-16 | Alibaba Group Holding Ltd | Method and system for intercepting malicious access |
WO2017071551A1 (en) * | 2015-10-30 | 2017-05-04 | 北京奇虎科技有限公司 | Method and device for preventing malicious access to login/registration interface |
WO2017107976A1 (en) * | 2015-12-23 | 2017-06-29 | 索尼公司 | Client apparatus, server apparatus and access control system for authorized access |
WO2018088680A1 (en) * | 2016-11-09 | 2018-05-17 | 주식회사 수산아이앤티 | Security system and method for processing request for access to blocked site |
CN108900473A (en) * | 2018-06-04 | 2018-11-27 | 麒麟合盛网络技术股份有限公司 | A kind of data monitoring method, device and system |
WO2019028405A1 (en) * | 2017-08-04 | 2019-02-07 | OneTrust, LLC | Data processing systems for the identification and deletion of personal data in computer systems |
CN109587101A (en) * | 2017-09-29 | 2019-04-05 | 腾讯科技(深圳)有限公司 | A kind of digital certificate management method, device and storage medium |
CN110008692A (en) * | 2019-03-22 | 2019-07-12 | 联想(北京)有限公司 | A kind of information processing method, device and storage medium |
CN110572355A (en) * | 2019-07-23 | 2019-12-13 | 平安科技(深圳)有限公司 | Webpage data monitoring method and device, computer equipment and storage medium |
US20200012813A1 (en) * | 2016-06-10 | 2020-01-09 | OneTrust, LLC | Data processing systems for prioritizing data subject access requests for fulfillment and related methods |
-
2020
- 2020-07-15 CN CN202010678154.1A patent/CN111935095A/en active Pending
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350822A (en) * | 2008-09-08 | 2009-01-21 | 南开大学 | Method for discovering and tracing Internet malevolence code |
TW201141153A (en) * | 2010-05-10 | 2011-11-16 | Alibaba Group Holding Ltd | Method and system for intercepting malicious access |
WO2017071551A1 (en) * | 2015-10-30 | 2017-05-04 | 北京奇虎科技有限公司 | Method and device for preventing malicious access to login/registration interface |
WO2017107976A1 (en) * | 2015-12-23 | 2017-06-29 | 索尼公司 | Client apparatus, server apparatus and access control system for authorized access |
US20200012813A1 (en) * | 2016-06-10 | 2020-01-09 | OneTrust, LLC | Data processing systems for prioritizing data subject access requests for fulfillment and related methods |
WO2018088680A1 (en) * | 2016-11-09 | 2018-05-17 | 주식회사 수산아이앤티 | Security system and method for processing request for access to blocked site |
WO2019028405A1 (en) * | 2017-08-04 | 2019-02-07 | OneTrust, LLC | Data processing systems for the identification and deletion of personal data in computer systems |
CN109587101A (en) * | 2017-09-29 | 2019-04-05 | 腾讯科技(深圳)有限公司 | A kind of digital certificate management method, device and storage medium |
CN108900473A (en) * | 2018-06-04 | 2018-11-27 | 麒麟合盛网络技术股份有限公司 | A kind of data monitoring method, device and system |
CN110008692A (en) * | 2019-03-22 | 2019-07-12 | 联想(北京)有限公司 | A kind of information processing method, device and storage medium |
CN110572355A (en) * | 2019-07-23 | 2019-12-13 | 平安科技(深圳)有限公司 | Webpage data monitoring method and device, computer equipment and storage medium |
Non-Patent Citations (2)
Title |
---|
朱智强等: "基于数字证书的openstack 身份认证协议", 《通信学报》 * |
王淑妮: "基于UKey的云计算资源认证与管理系统", 《中国优秀硕士论文库信息科技辑》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112380556A (en) * | 2020-11-30 | 2021-02-19 | 南京云悦欣自动化工程有限公司 | Account authority management distribution method |
CN114697063A (en) * | 2020-12-30 | 2022-07-01 | 北京国双科技有限公司 | Security authentication method and device, electronic equipment and storage medium |
CN112380503A (en) * | 2021-01-14 | 2021-02-19 | 北京东方通软件有限公司 | Method for protecting core program and memory |
CN112380503B (en) * | 2021-01-14 | 2021-04-30 | 北京东方通软件有限公司 | Method for protecting core program and memory |
CN115208616A (en) * | 2022-05-20 | 2022-10-18 | 深圳铸泰科技有限公司 | Internet of things safety monitoring method and system based on double engines |
CN115208616B (en) * | 2022-05-20 | 2023-06-23 | 深圳铸泰科技有限公司 | Internet of things safety monitoring method and system based on double engines |
CN115730339A (en) * | 2023-01-26 | 2023-03-03 | 深圳海云安网络安全技术有限公司 | Method and system for protecting plug-in code and preventing leakage based on IDE source code |
CN117857221A (en) * | 2024-03-07 | 2024-04-09 | 北京谷器数据科技有限公司 | Authority management method and system for remote service platform |
CN117857221B (en) * | 2024-03-07 | 2024-06-04 | 北京谷器数据科技有限公司 | Authority management method and system for remote service platform |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11223480B2 (en) | Detecting compromised cloud-identity access information | |
CN111935095A (en) | Source code leakage monitoring method and device and computer storage medium | |
US10110585B2 (en) | Multi-party authentication in a zero-trust distributed system | |
JP6357158B2 (en) | Secure data processing with virtual machines | |
US20170012978A1 (en) | Secure communication method and apparatus | |
US20160254913A1 (en) | System and method for secure release of secret information over a network | |
EP2875460B1 (en) | Anti-cloning system and method | |
CN110690972B (en) | Token authentication method and device, electronic equipment and storage medium | |
CN111800378B (en) | Login authentication method, device, system and storage medium | |
CN114553540B (en) | Zero trust-based Internet of things system, data access method, device and medium | |
CN113572791B (en) | Video Internet of things big data encryption service method, system and device | |
CN108063748B (en) | User authentication method, device and system | |
CN111399980A (en) | Safety authentication method, device and system for container organizer | |
CN117155716B (en) | Access verification method and device, storage medium and electronic equipment | |
CN106295384B (en) | Big data platform access control method and device and authentication server | |
CN109587134B (en) | Method, apparatus, device and medium for secure authentication of interface bus | |
CN114157438A (en) | Network equipment management method and device and computer readable storage medium | |
CN112422292B (en) | Network security protection method, system, equipment and storage medium | |
US11177958B2 (en) | Protection of authentication tokens | |
CN114584318A (en) | Access control method of certificate and secret key, electronic equipment and storage medium | |
CN113468591A (en) | Data access method, system, electronic device and computer readable storage medium | |
CN112926101A (en) | Disk partition encryption method, system, device and computer readable medium | |
CN114626050A (en) | Authentication method, device, equipment and medium | |
CN114021094B (en) | Remote server login method, electronic device and storage medium | |
JP2016021621A (en) | Communication system and communication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20201113 |