CN111953491B - SSH Certificate and LDAP based two-step authentication auditing method - Google Patents


Info

Publication number: CN111953491B (application number CN202010899475.4A; application published as CN111953491A)
Authority: CN (China)
Other languages: Chinese (zh)
Prior art keywords: user, certificate, authentication, ssh, server
Inventor: 高峰
Current and original assignee: Hangzhou Shidong Technology Co ltd (Google notes the listed assignees may be inaccurate)
Priority date and filing date: 2020-09-01
Publication date: 2022-06-10 (grant); the application was published as CN111953491A on 2020-11-17
Legal status: Active (Google's assumption, not a legal conclusion)

Classifications

    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L9/088: Key distribution or management (generation, sharing or updating of cryptographic keys or passwords); usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key or password length, or different strong and weak cryptographic algorithms
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

All three fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication) > H04L9/00 (Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols).

Abstract

The invention discloses a two-step authentication auditing method based on SSH Certificate and LDAP, comprising the following steps. Step (1): when a domain administrator creates a user in the domain (or LDAP) server, the administrator creates a corresponding ObjectClass attribute for the user to store sshpublickey and Role information, and fills in the user's public key and the Role corresponding to the authority the user may obtain. The method avoids the instability that a centrally hosted login authentication service would otherwise introduce: once internal authentication is completed, all subsequent authentication is performed by digital signature, no third-party system takes part in authenticating servers on cross-border networks, and the availability of the whole service is preserved as far as possible. Authentication can be completed inside the OA VPN network, after which the user can work free of the VPN for a short period, is not affected by a failure of the OA system, and gains greater flexibility.

Description

SSH Certificate and LDAP based two-step authentication auditing method
Technical Field
The invention relates to the technical field of server security, in particular to a two-step authentication auditing method based on SSH Certificate and LDAP.
Background
SSH is the remote management service of Unix/Linux servers, and its common login authentication offers only two modes for user authentication: password, and public/private key. The password mode is easily leaked and passed around, hard to manage and control, and offers low security.
The public/private key mode is more secure, but in a large server estate the cost of updating and replacing keys whenever IT or operations staff change is high; bastion hosts and similar systems have their own vulnerabilities and hidden risks, and once a bastion vulnerability leaks a private key, the server is completely exposed.
Meanwhile, a company/organization already has a user management and authority system (such as a Windows domain or an LDAP management platform). When that system is to be integrated into the operating system's native remote login and near-real-time authentication is required, the management system must be highly stable and reachable from every data center; if the organization uses a public cloud platform, internal systems must be exposed to the public cloud on a large scale.
In addition, bastion hosts are expected to be isolated or differentiated for different departments or groups within the same company/organization, and to provide combined authentication for staff who span departments or groups; the native SSH system basically cannot meet such highly customized requirements.
Finally, today's hybrid public/private cloud platforms may deploy online service systems across countries and even continents, and a simple point-to-point authentication mode cannot provide stable security and usability under such complex network conditions in a hybrid cloud environment.
Disclosure of Invention
The invention aims to provide a two-step authentication auditing method based on SSH Certificate and LDAP for the situation in which most servers are now deployed on public/private cloud platforms, several public-cloud vendors or private-cloud technical standards are involved, and multiple data centers are deployed in a mixed fashion across countries and continents, so that the state of each data center's servers differs. Native SSH login or a bastion host cannot provide a highly customized, uniform authentication approach that integrates the existing company/organization user management system across multiple platforms and vendors, nor a safe and reliable near-real-time rights isolation and audit system.
To achieve this, the invention provides the following technical scheme: a two-step authentication auditing method based on SSH Certificate and LDAP, comprising the following steps.
Step (1): when a domain administrator creates a user in the domain (or LDAP) server, the administrator creates a corresponding ObjectClass attribute for the user to store sshpublickey and Role information, and fills in the user's public key and the Role corresponding to the authority the user may obtain.
Step (2): operations staff assign roles in the data center by business requirement or department: a web server belongs to the web-admin group and a database server to the db-admin group. The role group a server belongs to is marked when the server is requested and created, and the organization CA is configured on the server. To prevent abuse of the original password and public-key mechanisms on the server, the system administrator may disable password authentication and public-key authentication in the SSH service and allow login to the server only through certificate authentication.
Step (3): on the work PC, the user logs in to the company's internal authentication system and requests issuance of a certificate for the Role assigned by the company domain administrator. After the authentication system completes the user's login and authenticates the Role the user belongs to, it sends the user and Role certificate request to the back-end certificate issuing system; the issuing system verifies the relationship between the user and the Role once more and, if verification succeeds, calls the CA interface to issue the corresponding certificate and returns it to the authentication system. The authentication system writes the certificate to the user's local file system, and the user's local SSH client loads the certificate into the SSH agent service and attempts to log in to the entrance SSH service of the public-cloud or private-cloud machine room.
Step (4): the entrance SSH proxy server of each data center completes the basic login-permission check of the user and then forwards the request to the server the user actually needs to log in to. That real server completes the legality and validity check of the user certificate through its own Role group and the CA; if the check succeeds, login is allowed. The SSH proxy servers neither store credentials nor take part in SSH authentication; authentication is completed between the real server and the user's local SSH agent.
Step (5): during use, the user's local client, within the session established by the first login to the authentication system, periodically re-applies for a certificate before the local certificate expires and dynamically loads the new certificate into ssh-agent, until the whole session expires and the user must log in to the authentication system again. The validity period of the session is greater than or equal to the validity period of the certificate, but is at most 12 hours.
Preferably, in step (1), the organization has a single SSH CA stored on an internal secure server; the SSH CA cannot be transmitted across servers or accessed from outside, and can be invoked only through the internal certificate management center.
Preferably, in step (2), the data center operations staff and the domain service administrator specify the concrete rights of the Role corresponding to each department or group of personnel; the data center assigns the corresponding Role group when creating a server, and domain management assigns the corresponding Role to the user.
Preferably, in step (3), when a user joins the organization, a public/private key pair meeting the security requirement is generated on the personal work computer and the public key is provided to the domain administrator.
Preferably, in step (3), three modules are developed in-house: an authentication system, an issuing center and an SSH issuing system. The authentication system verifies the user information and role, applies to the issuing center for a certificate and distributes the certificate to the user; the issuing system checks the user information and calls the SSH CA interface to issue the certificate corresponding to the user's role.
Preferably, the SSH issuing system is located on an independent, secure server, exposes its issuing interface only to the issuing center, and records logs for auditing all issuing behaviour. The validity period of issued certificates can be configured dynamically in the issuing center, but the issuing interface itself allows a certificate validity period of at most 8 hours.
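Server-side configuration for steps (2) and (4), as an added example written for this page and not taken from the patent: the first fragment is the default state that step (2) wants removed, where a leaked password or a leaked per-user key is enough to log in; the second is the certificate-only form, and the principals file ties this host to the role group it was created in. File paths and the login account name `ops` are assumptions. One practitioner caveat on the wording of step (2): in OpenSSH a certificate is presented through the public-key authentication method, so `PubkeyAuthentication` has to stay enabled; "disabling public-key authentication" is achieved by setting `AuthorizedKeysFile none`, which stops sshd from honouring any per-user key while still accepting certificates signed by the trusted CA.

```text
# /etc/ssh/sshd_config, fragment 1: the state step (2) wants removed
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# /etc/ssh/sshd_config, fragment 2: certificate-only login against the organization CA
PasswordAuthentication no
# ChallengeResponseAuthentication is the older name for the same option
KbdInteractiveAuthentication no
# certificates are presented through the publickey method, so this stays on
PubkeyAuthentication yes
# no per-user keys: a leaked private key alone can no longer log in
AuthorizedKeysFile none
# the organization CA's public key (assumed path), distributed to every server
TrustedUserCAKeys /etc/ssh/org_ca.pub
# the certificate's principal must appear in the login account's principals file
AuthorizedPrincipalsFile /etc/ssh/principals/%u
# key revocation list, for revoking by serial or by key (assumed path)
RevokedKeys /etc/ssh/revoked_keys
# adds key fingerprints to the authentication log for auditing
LogLevel VERBOSE

# /etc/ssh/principals/ops: this host was created in the web-admin role group,
# so only certificates carrying the principal web-admin may log in as ops
web-admin
```

After changing the file, `sshd -t` checks the syntax and `ssh-keygen -L -f user-cert.pub` shows the principal, serial and validity window that the server will compare against its principals file and its clock.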
The two-step authentication auditing method based on SSH Certificate and LDAP provided by the invention has the following beneficial effects:
1. The invention integrates the organization's existing management system to manage users' public keys on servers, removing the need to configure public keys on each server immediately; it introduces a validity period into the certificate, declaring the usable time and the owning role of the user's key pair, and adds a certificate revocation list, greatly improving both security and convenience.
2. Under traditional security management, whether based on a password or on a public/private key pair, there is a risk of sensitive information leaking. Under this scheme, leaking an account password or a key pair does not by itself expose login permission to the server: all of a user's effective authentication material is obtained on demand, a valid certificate has a short life cycle and is auditable, and the system provides a detection mechanism for abnormal repeated issuance.
3. With a unified authentication system, the core server is generally located only inside the organization or in a single data center; opening it to cross-border networks and complex private-cloud data centers exposes organization assets to risk and to interception on the network or by attackers, and greatly increases the instability of the login authentication service. In this scheme, once internal authentication is completed, all subsequent authentication is performed by digital signature, no third-party system takes part in authenticating servers across borders, and the availability of the whole service is preserved as far as possible.
4. The system takes into account members of a large organization working from different locations: after authentication and authorization are completed inside the OA VPN network, the user can work free of the OA VPN for a short period, is not affected by a failure of the OA system, and has greater flexibility.
Drawings
Fig. 1 is a flow chart of the user login authentication process of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the invention provides the following technical scheme: a two-step authentication auditing method based on SSH Certificate and LDAP, comprising the following steps.
Step (1): when a domain administrator creates a user in the domain (or LDAP) server, a corresponding ObjectClass attribute is created for the user to store sshpublickey and Role information, and the user's public key and the Role corresponding to the authority the user may obtain are filled in. For security reasons, the internal requirement is that only an ED25519 public key may be entered, and the domain administrator audits the public-key algorithm and the authority corresponding to the Role.
The organization manages and edits user information through its internal domain server (or LDAP) service.
The organization has a single SSH CA stored on an internal secure server; it cannot be transmitted across servers or accessed from outside, and can be invoked only through the internal certificate management center.
Step (2): operations staff assign roles in the data center by business requirement or department: a web server belongs to the web-admin group and a database server to the db-admin group. The role group a server belongs to is marked when the server is requested and created, and the organization CA is configured on the server. To prevent abuse of the original password and public-key mechanisms on the server, the system administrator may disable password authentication and public-key authentication in the SSH service, so that only certificate authentication can be used to log in to the server.
The data center operations staff and the domain service administrator explicitly specify the concrete Role rights corresponding to each department or group of personnel; the data center assigns the corresponding Role group when a server is created, and domain management assigns the corresponding Role to the user.
Step (3): on the work PC, the user logs in to the company's internal authentication system and requests issuance of a certificate for the Role assigned by the company domain administrator. After the authentication system completes the user's login and authenticates the Role the user belongs to, it sends the user and Role certificate request to the back-end certificate issuing system; the issuing system verifies the relationship between the user and the Role once more and, if verification succeeds, calls the CA interface to issue the corresponding certificate and returns it to the authentication system. The authentication system writes the certificate to the user's local file system, and the user's local SSH client loads the certificate into the SSH agent service and attempts to log in to the entrance SSH service of the public-cloud or private-cloud machine room.
When a user joins the organization, a public/private key pair meeting the security requirement is generated on the personal work computer and the public key is provided to the domain administrator.
The system comprises three modules: an authentication system, an issuing center and an SSH issuing system. The authentication system verifies the user information and role, applies to the issuing center for a certificate and distributes the certificate to the user; the issuing system checks the user information and calls the SSH CA interface to issue the certificate corresponding to the user's role.
The SSH issuing system is located on an independent, secure server, exposes its issuing interface only to the issuing center, and records logs for auditing all issuing behaviour. The validity period of issued certificates can be configured dynamically in the issuing center, but the issuing interface itself allows a certificate validity period of at most 8 hours.
Step (4): the entrance SSH proxy server of each data center completes the basic login-permission check of the user and then forwards the request to the server the user actually needs to log in to. That real server completes the legality and validity check of the user certificate through its own Role group and the CA; if the check succeeds, login is allowed. The SSH proxy servers neither store credentials nor take part in SSH authentication; authentication is completed between the real server and the user's local SSH agent.
Step (5): during use, the user's local client, within the session established by the first login to the authentication system, periodically re-applies for a certificate before the local certificate expires and dynamically loads the new certificate into ssh-agent, until the whole session expires and the user must log in to the authentication system again. The validity period of the session is greater than or equal to the validity period of the certificate, but is at most 12 hours.
By combining department roles with the digital signature of a certificate, the embodiment provides an open and flexible permission control system, and realizes a dynamically configurable near-real-time permission management system for today's real service scenarios of public/private cloud, multi-region and cross-border services, without modifying the remote-access software on cloud data center servers.
The authentication information related to the user consists of the sshpublicKey attribute and the Role attribute that the domain (or LDAP service) administrator creates for the user on the domain management server, filled with the user's public key and the organization's server Role information (this information is not secret and carries no security risk by itself), so that internal systems can query it for authentication.
In the data center, the management boundary is made explicit by defining the user Roles and the Role group each server belongs to; every server in the data center is configured with the organization CA (certificate authority) to verify user certificates, and server assets are explicitly labelled with their Role group and application label when created.
The user completes one authentication inside the organization through the domain (or LDAP) service and applies for issuance of a temporary certificate carrying a valid role and a validity period of 1 hour (configurable); the user then logs in to, and is verified by, the servers of each data center using the private key on the personal computer together with the temporary certificate.
To authenticate the user, each data center server needs only the unified CA public key: it checks the role carried in the user's certificate, verifies the digital signature and checks the validity period. Communication in this step is the plain SSH protocol, no protocol modification is involved, and the security of the exchange is guaranteed uniformly by the SSH protocol itself.
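The issuing-system policy of steps (3) to (5), as an added example written for this page rather than code from the patent or from Hangzhou Shidong Technology: it re-checks the user/role relation against a constructed stand-in for the directory entries of step (1), accepts only ED25519 keys, clamps the certificate validity to the 8 hour interface cap and to the remaining 12 hour session, produces the ssh-keygen invocation the CA host would run (the role as the certificate principal, a serial for revocation, a bounded validity window), keeps the audit log, flags abnormal repeated issuance, and models the real server's principal and validity check of step (4) and the client's renewal timing of step (5). The attribute names `sshPublicKey` and `role`, the CA key path, the clock-skew backdating and the repeat threshold are assumptions; the CA signature itself is produced by ssh-keygen and is assumed valid in `server_accepts`.

```python
"""Issuing-system policy for the SSH-certificate + LDAP two-step login (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List

MAX_CERT_VALIDITY = timedelta(hours=8)      # hard cap at the issuing interface (from the patent)
DEFAULT_CERT_VALIDITY = timedelta(hours=1)  # configurable default in the issuing center (patent)
MAX_SESSION = timedelta(hours=12)           # cap on the authentication-system session (patent)
SKEW = timedelta(minutes=5)                 # backdate valid_after to tolerate clock drift (assumption)
REPEAT_WINDOW, REPEAT_LIMIT = timedelta(minutes=10), 3   # anomaly threshold (assumption)
CA_KEY_PATH = "/etc/ssh-ca/org_ca"          # assumed location of the organization CA private key

# Constructed stand-in for the domain/LDAP entries the administrator fills in (step 1).
DIRECTORY: Dict[str, dict] = {
    "alice": {"sshPublicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyAlice", "role": ["web-admin"]},
    "bob":   {"sshPublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleKeyBob", "role": ["db-admin"]},
}


@dataclass
class Session:            # one login to the internal authentication system
    user: str
    opened: datetime
    expires: datetime


@dataclass
class Certificate:        # what the CA signs: principal = role, bounded validity, serial
    serial: int
    user: str
    role: str
    valid_after: datetime
    valid_before: datetime
    key_id: str


@dataclass
class Issuer:
    directory: Dict[str, dict]
    serial: int = 0
    audit_log: List[dict] = field(default_factory=list)

    def open_session(self, user: str, now: datetime) -> Session:
        """First step: the user authenticates to the internal system; session capped at 12 h."""
        if user not in self.directory:
            raise PermissionError(f"unknown user {user}")
        return Session(user, now, now + MAX_SESSION)

    def issue(self, session: Session, role: str, now: datetime,
              requested: timedelta = DEFAULT_CERT_VALIDITY) -> Certificate:
        """Second step: re-verify user/role in the directory, clamp validity, record for audit."""
        if now >= session.expires:
            raise PermissionError("session expired; log in to the authentication system again")
        entry = self.directory[session.user]
        if role not in entry["role"]:
            raise PermissionError(f"{session.user} does not hold role {role}")
        if not entry["sshPublicKey"].startswith("ssh-ed25519 "):
            raise ValueError("only ED25519 public keys are accepted")
        # Never exceed the 8 h interface cap and never outlive the session.
        validity = min(requested, MAX_CERT_VALIDITY, session.expires - now)
        self.serial += 1
        cert = Certificate(self.serial, session.user, role, now - SKEW, now + validity,
                           key_id=f"{session.user}:{role}:{self.serial}")
        self.audit_log.append({"time": now, "user": session.user, "role": role,
                               "serial": cert.serial, "valid_before": cert.valid_before})
        return cert

    def ssh_keygen_argv(self, cert: Certificate, user_pubkey_path: str) -> List[str]:
        """The ssh-keygen call the CA host runs: -n sets the principal, -z the serial, -V the window."""
        minutes = int((cert.valid_before - cert.valid_after - SKEW).total_seconds() // 60)
        skew_min = int(SKEW.total_seconds() // 60)
        return ["ssh-keygen", "-s", CA_KEY_PATH, "-I", cert.key_id, "-n", cert.role,
                "-z", str(cert.serial), "-V", f"-{skew_min}m:+{minutes}m", user_pubkey_path]

    def repeated_issuance(self, user: str, now: datetime) -> bool:
        """Abnormal repeated issuing: more than REPEAT_LIMIT certificates within REPEAT_WINDOW."""
        recent = [e for e in self.audit_log
                  if e["user"] == user and timedelta(0) <= now - e["time"] <= REPEAT_WINDOW]
        return len(recent) > REPEAT_LIMIT


def server_accepts(server_role_group: str, cert: Certificate, now: datetime) -> bool:
    """Model of the real server's check after the CA signature (assumed valid here): the
    certificate principal must equal this server's role group and the window must be open."""
    return cert.role == server_role_group and cert.valid_after <= now < cert.valid_before


def renew_due(cert: Certificate, session: Session, now: datetime,
              lead: timedelta = timedelta(minutes=10)) -> bool:
    """Step 5 on the client: re-request shortly before expiry, but only while the session lives."""
    return now + lead >= cert.valid_before and now < session.expires


if __name__ == "__main__":
    t0 = datetime(2020, 9, 1, 12, 0, tzinfo=timezone.utc)   # constructed clock
    issuer = Issuer(DIRECTORY)
    sess = issuer.open_session("alice", t0)
    cert = issuer.issue(sess, "web-admin", t0)
    print(" ".join(issuer.ssh_keygen_argv(cert, "/home/alice/.ssh/id_ed25519.pub")))
    print("web server accepts:", server_accepts("web-admin", cert, t0))
    print("db server accepts:", server_accepts("db-admin", cert, t0))
```

Running the file prints the signing command for one issuance and shows that the same certificate is accepted by a web-admin host and refused by a db-admin host. Revocation in step (1)'s beneficial effects list maps onto the serial here: the CA host can put a serial range into the `RevokedKeys` list without touching any server's per-user keys.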
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (6)

1. A two-step authentication auditing method based on SSH Certificate and LDAP, characterized in that it comprises the following steps:
step (1): when a domain administrator creates a user in a domain or LDAP server, the domain administrator creates a corresponding ObjectClass attribute for the user to store sshpublickey and Role information, and fills in the user's public key and the Role corresponding to the authority the user may obtain; for security reasons, the internal requirement is that only an ED25519 public key may be entered, and the domain administrator audits the public-key algorithm and the authority corresponding to the Role;
step (2): operations staff assign roles in the data center by business requirement or department, a web server belonging to the web-admin group and a database server to the db-admin group; the role group a server belongs to is marked when the server is requested and created, and an organization CA is configured on the server; to prevent abuse of the original password and public-key mechanisms on the server, the system administrator may disable password authentication and public-key authentication in the SSH service, so that only certificate authentication can be used to log in to the web server and the database server;
step (3): on the work PC, the user logs in to the company's internal authentication system and requests issuance of a certificate for the Role assigned by the company domain administrator; after the authentication system completes the user's login and authenticates the Role the user belongs to, it sends the user and Role certificate request to the back-end certificate SSH issuing system; the SSH issuing system verifies the relationship between the user and the Role once more and, if verification succeeds, calls the CA interface to issue the corresponding certificate and returns it to the authentication system; the authentication system writes the certificate to the user's local file system, and the user's local SSH client loads the certificate into the SSH agent service and attempts to log in to the entrance SSH service of the public-cloud or private-cloud machine room;
the three in-house developed modules comprise an authentication system, an issuing center and an SSH issuing system, wherein the authentication system verifies the user information and role, applies to the issuing center for a certificate and distributes the certificate to the user, and the issuing system checks the user information and calls the SSH CA interface to issue the certificate corresponding to the user's role;
step (4): the entrance SSH proxy server of each data center completes the basic login-permission check of the user and then forwards the request to the server the user actually needs to log in to; that real server completes the legality and validity check of the user certificate through its own Role group and CA, and if the check succeeds, login to the real server is allowed; the SSH proxy servers neither store credentials nor take part in SSH authentication, which is completed between the real server and the user's local SSH agent;
step (5): during use, the user's local client, within the session established by the first login to the authentication system, periodically re-applies for a certificate before the local certificate expires and dynamically loads the new certificate into ssh-agent, until the whole session expires and the user must log in to the authentication system again; the validity period of the session is greater than or equal to the validity period of the certificate, but is at most 12 hours.
2. The SSH Certificate and LDAP based two-step authentication auditing method according to claim 1, characterized in that in step (1) the organization's internal domain server or LDAP service manages and edits the user's information.
3. The SSH Certificate and LDAP based two-step authentication auditing method according to claim 1, characterized in that in step (1) the organization has a single SSH CA stored on an internal secure server, and the SSH CA cannot be transmitted across servers or accessed from outside and can be invoked only through the internal certificate management center.
4. The SSH Certificate and LDAP based two-step authentication auditing method according to claim 1, characterized in that in step (2) the data center operations staff and the domain service administrator specify the concrete Role rights corresponding to each department or group of personnel, the data center assigns the corresponding Role group when the server is created, and the domain service administrator assigns the corresponding Role to the user.
5. The SSH Certificate and LDAP based two-step authentication auditing method according to claim 1, characterized in that in step (3), when the user joins the organization, a public/private key pair meeting the security requirement is generated on the personal work computer and the public key is provided to the domain administrator.
6. The SSH Certificate and LDAP based two-step authentication auditing method according to claim 1, characterized in that the SSH issuing system is located on an independent, secure server, exposes its issuing interface only to the issuing center, and records logs for auditing all issuing behaviour; the validity period of issued certificates can be configured dynamically in the issuing center, but the issuing interface itself allows a certificate validity period of at most 8 hours.
Priority Application (1)

Application number CN202010899475.4A, priority date 2020-09-01, filing date 2020-09-01: SSH Certificate and LDAP based two-step authentication auditing method (status: Active; granted as CN111953491B)

Publications (2)

Publication Number     Publication Date
CN111953491A (en)      2020-11-17
CN111953491B (en)      2022-06-10

Family ID: 73368109
Country status: CN (1), CN111953491B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779095B (en) * 2021-11-11 2022-04-01 江苏荣泽信息科技股份有限公司 Job title rating electronic certificate supervision system based on block chain technology
CN114205170B (en) * 2021-12-21 2023-11-17 厦门安胜网络科技有限公司 Bridging port platform networking communication and service encryption calling method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296230A (en) * 2008-06-17 2008-10-29 浙江大学 Web service security control mechanism based on PKI and PMI
CN102571873A (en) * 2010-12-31 2012-07-11 上海可鲁系统软件有限公司 Bidirectional security audit method and device in distributed system
CN102970299A (en) * 2012-11-27 2013-03-13 西安电子科技大学 File safe protection system and method thereof
CN105577656A (en) * 2015-12-17 2016-05-11 北京荣之联科技股份有限公司 Unified identity authentication method based on cloud platform
WO2016210013A1 (en) * 2015-06-23 2016-12-29 Veritas Technologies Llc System and method for centralized configuration and authentication

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7069440B2 (en) * 2000-06-09 2006-06-27 Northrop Grumman Corporation Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system
US10003458B2 (en) * 2011-12-21 2018-06-19 Ssh Communications Security Corp. User key management for the secure shell (SSH)
US20170270131A1 (en) * 2016-03-18 2017-09-21 Conjur, Inc. Synchronization and management of heterogeneous host directories in a security environment

Non-Patent Citations (1)

Title
刘军平. Research and Implementation of Unified Authentication Technology. CNKI Full-text Database of Excellent Master's Theses, 2008, (No. 03), pp. 1-61. *

Also Published As

Publication number Publication date
CN111953491A (en) 2020-11-17

Similar Documents

Publication Publication Date Title
CN108964885B (en) Authentication method, device, system and storage medium
CN112822675B (en) MEC environment-oriented OAuth 2.0-based single sign-on mechanism
US8387137B2 (en) Role-based access control utilizing token profiles having predefined roles
CN101931613B (en) Centralized authenticating method and centralized authenticating system
US20020112186A1 (en) Authentication and authorization for access to remote production devices
CN110535851A (en) A kind of customer certification system based on oauth2 agreement
CN111898149B (en) User management system and method for multiple organizations
CN111953491B (en) SSH Certificate and LDAP based two-step authentication auditing method
CN109462595A (en) Data-interface secure exchange method based on RestFul
CN113360862A (en) Unified identity authentication system, method, electronic device and storage medium
US7428748B2 (en) Method and system for authentication in a business intelligence system
RU2415466C1 (en) Method of controlling identification of users of information resources of heterogeneous computer network
CN108111518B (en) Single sign-on method and system based on secure password proxy server
CN111010396A (en) Internet identity authentication management method
US20200382509A1 (en) Controlling access to common devices using smart contract deployed on a distributed ledger network
CN112039910B (en) Method, system, equipment and medium for unified management of authentication and authority
CN115277059B (en) Control method for aircraft archive authority management based on blockchain
CN110708298A (en) Method and device for centralized management of dynamic instance identity and access
CN116488868A (en) Server security access method, device and storage medium
CN112291244A (en) Multi-tenant method for industrial production data real-time processing platform system
CN113259350A (en) Cryptographic user authorization and authentication system based on key generation algorithm
CN112019539A (en) Authentication method, device, equipment and readable medium for private cloud
CN114900372B (en) Resource protection system based on zero trust security sentinel system
CN111064695A (en) Authentication method and authentication system
CN111447090A (en) Configuration management and control system among multi-service systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant