CN112769843A - Secure and trusted network guaranteeing method, device, equipment and storage medium - Google Patents

Publication number
CN112769843A
Authority
CN
China
Prior art keywords
network element
trusted
element entity
information
entity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110058610.7A
Other languages
Chinese (zh)
Inventor
申为科
张会强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Rihai Feixin Information System Technology Co ltd
Original Assignee
Shenzhen Rihai Feixin Information System Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Rihai Feixin Information System Technology Co ltd
Priority to CN202110058610.7A
Publication of CN112769843A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention is applicable to the technical field of communication and provides a method, a device, equipment and a storage medium for guaranteeing a secure and trusted network. The method comprises the following steps: when a response message returned by a first network element entity newly added to the communication network is received, the information of the first network element entity is added to a current trusted network element list, and trusted network element information generated based on the current trusted network element list is sent to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list; and first network element update information generated based on the information of the first network element entity is broadcast to a first trusted network element entity in the communication network, so that the first trusted network element entity adds the information of the first network element entity to its local white list. The security of the communication network is thus guaranteed by automatically maintaining the local white lists of the trusted network element entities when new equipment is added to the communication network.

Description

Secure and trusted network guaranteeing method, device, equipment and storage medium
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a method, a device, equipment and a storage medium for guaranteeing a secure and trusted network.
Background
When network devices in a communication network start up, they usually operate in the network as independent network elements. If a network element has had a Trojan horse planted in it or has been hijacked, the other network elements in the network cannot detect this and continue to communicate with the compromised network element, which reduces the security of the communication network.
Disclosure of Invention
The invention aims to provide a method, a device, equipment and a storage medium for guaranteeing a secure and trusted network, so as to solve the problem that the security of communication networks in the prior art is not high enough.
In one aspect, the present invention provides a secure and trusted network guaranteeing method, which is applied to a trusted server side in a communication network, and the method includes the following steps:
when a response message indicating that trusted detection has passed is received from a first network element entity newly added to the communication network, adding information of the first network element entity to a current trusted network element list so that the first network element entity is treated as a trusted network element entity in the communication network, and sending trusted network element information generated based on the current trusted network element list to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list and performs data transmission according to the local white list;
broadcasting first network element update information generated based on the information of the first network element entity to a first trusted network element entity in the communication network, so that the first trusted network element entity adds the information of the first network element entity to its local white list and performs data transmission according to the updated local white list, wherein the information of the first trusted network element entity is included in the current trusted network element list.
Preferably, the method further comprises:
controlling all trusted network element entities in the current trusted network element list to periodically execute trusted detection;
if no response message for the current trusted detection period is received from a second trusted network element entity, removing the information of the second trusted network element entity from the current trusted network element list;
generating second network element update information based on the information of the second trusted network element entity, and broadcasting the second network element update information to a third trusted network element entity in the communication network, so that the third trusted network element entity removes the information of the second trusted network element entity from its local white list, wherein the information of the third trusted network element entity is included in the current trusted network element list.
Preferably, the method further comprises:
if no response message for the current trusted detection period is received from the second trusted network element entity, taking the second trusted network element entity offline, or isolating the second trusted network element entity outside the communication network.
In another aspect, the invention provides a secure and trusted network guaranteeing method, which is applied to a network element entity side in a communication network, and comprises the following steps:
when a first network element entity is powered on, the first network element entity executes trusted detection;
if the trusted detection passes, the first network element entity sends a response message indicating that the trusted detection has passed to a trusted server in the communication network, so that the trusted server adds the information of the first network element entity to a current trusted network element list based on the response message, sends trusted network element information to the first network element entity, and sends first network element update information to a first trusted network element entity, wherein the information of the first trusted network element entity is included in the current trusted network element list;
when the first network element entity receives the trusted network element information, it stores the trusted network element information in a local white list so as to perform data transmission according to the local white list;
when the first trusted network element entity receives the first network element update information, it updates its local white list with the information of the first network element entity, so as to perform data transmission according to the updated local white list.
Preferably, the method further comprises:
the first network element entity, under the control of the trusted server, periodically executes trusted detection as a trusted network element entity;
when second network element update information sent by the trusted server is received, the first network element entity removes the information of a second trusted network element entity from its local white list, wherein the information of the second trusted network element entity is included in the second network element update information.
Preferably,
the process of performing trusted detection comprises:
the network element entity executes a trusted self-check, wherein the network element entity is the first network element entity or any trusted network element entity in the current trusted network element list;
if the trusted self-check passes, the network element entity executes trusted authentication;
if the trusted authentication passes, the network element entity returns the response message, wherein the response message specifically indicates that the trusted authentication has passed;
the process of performing the trusted self-check comprises:
the network element entity executes a hardware trusted self-check;
if the hardware trusted self-check passes, the network element entity executes a software trusted self-check;
if the software trusted self-check passes, the network element entity determines that the trusted self-check has passed;
the process of performing trusted authentication comprises:
if the trusted self-check passes, the network element entity sends a generated security code to the trusted server so that the trusted server authenticates the received security code;
if an authentication security code returned by the trusted server based on the security code is received, the network element entity verifies the authentication security code;
if the verification passes, the network element entity returns the response message;
the process of performing the trusted self-check further comprises:
if the hardware trusted self-check or the software trusted self-check fails, the network element entity sends alarm information to a preset operation and maintenance platform so that a user of the operation and maintenance platform can maintain the network element entity.
In another aspect, the invention provides a secure and trusted network guaranteeing device, which is applied to a trusted server side in a communication network, and the device comprises:
a network element information sending unit, configured to, when receiving a response message returned by a first network element entity newly added in a communication network and used to indicate that a trusted detection passes, add information of the first network element entity to a current trusted network element list, so as to use the first network element entity as a trusted network element entity in the communication network, and send trusted network element information generated based on the current trusted network element list to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list, and performs data transmission according to the local white list; and
a first information broadcasting unit, configured to broadcast, to a first trusted network element entity in the communication network, first network element update information generated based on information of the first network element entity, so that the first trusted network element entity adds the information of the first network element entity to its local white list and performs data transmission according to the updated local white list, where the information of the first trusted network element entity is included in the current trusted network element list.
In another aspect, the invention provides a secure and trusted network guaranteeing device, which is applied to a network element entity side in a communication network, and the device comprises:
a detection execution unit, configured to cause the first network element entity to execute trusted detection when the first network element entity is powered on;
a response message sending unit, configured to cause the first network element entity, if the trusted detection passes, to send a response message indicating that the trusted detection has passed to a trusted server in the communication network, so that the trusted server adds, based on the response message, information of the first network element entity to a current trusted network element list, sends trusted network element information to the first network element entity, and sends first network element update information to a first trusted network element entity, where the information of the first trusted network element entity is included in the current trusted network element list;
a network element information storage unit, configured to store, when the first network element entity receives the trusted network element information, the trusted network element information in a local white list, so as to perform data transmission according to the local white list; and
a first information updating unit, configured to update, when the first trusted network element entity receives the first network element update information, the local white list with the information of the first network element entity, so as to perform data transmission according to the updated local white list.
In another aspect, the present invention also provides an apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method as described above when executing the computer program.
In another aspect, the present invention also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method as described above.
According to the invention, when a response message indicating that trusted detection has passed is received from a first network element entity newly added to the communication network, the information of the first network element entity is added to a current trusted network element list, so that the first network element entity is treated as a trusted network element entity in the communication network. Trusted network element information generated based on the current trusted network element list is sent to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list and performs data transmission according to the local white list. First network element update information generated based on the information of the first network element entity is broadcast to a first trusted network element entity in the communication network, so that the first trusted network element entity adds the information of the first network element entity to its local white list and performs data transmission according to the updated local white list. In this way, the local white lists of the trusted network element entities are automatically maintained when new equipment is added to the communication network, and the security of the communication network is guaranteed.
Drawings
Fig. 1 is a flowchart of an implementation of a secure and trusted network guaranteeing method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of an implementation of a secure and trusted network guaranteeing method according to a second embodiment of the present invention;
Fig. 3 is a flowchart of an implementation of a secure and trusted network guaranteeing method according to a third embodiment of the present invention;
Fig. 4 is a flowchart of a secure and trusted network guaranteeing method according to a fourth embodiment of the present invention;
Fig. 5 is a flowchart of a secure and trusted network guaranteeing method according to a fifth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a secure and trusted network guaranteeing device according to a sixth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a secure and trusted network guaranteeing device according to a seventh embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an apparatus provided in an eighth embodiment of the present invention; and
Fig. 9 is a schematic structural diagram of a communication system according to a ninth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Specific implementations of the present invention are described in detail below in conjunction with specific embodiments:
Embodiment one:
Fig. 1 shows an implementation flow of the secure and trusted network guaranteeing method provided in the first embodiment of the present invention. For convenience of description, only the parts related to this embodiment are shown, which are detailed as follows:
In step S101, when a response message indicating that trusted detection has passed is received from a first network element entity newly added to the communication network, the information of the first network element entity is added to a current trusted network element list, so that the first network element entity is treated as a trusted network element entity in the communication network, and trusted network element information generated based on the current trusted network element list is sent to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list and performs data transmission according to the local white list.
The embodiment of the invention is applicable to a trusted server side in a communication network, in particular a trusted server side in a 5G communication network. The communication network also comprises a plurality of network element entities, and the trusted server can execute the method based on an internal configuration policy. The configuration policy may indicate that data transmission may be performed between the trusted network element entities in the trusted network element list; further, an untrusted network element entity (a network element entity outside the trusted network element list) may be taken offline or isolated outside the communication network, and the trusted network element list may be automatically updated according to the trusted detection results of the network element entities in the communication network. Of course, an untrusted network element entity may also be manually configured into the communication network by the user according to actual needs.
In a specific implementation, before the information of the first network element entity is added to the current trusted network element list, the network element entity newly added to the communication network (the first network element entity) performs trusted detection when it is powered on. If the trusted detection passes, the first network element entity returns a response message indicating that the trusted detection has passed, and the trusted server in the communication network receives the response message. Preferably, the process of performing trusted detection by the first network element entity is as follows: the first network element entity performs a trusted self-check; if the trusted self-check passes, the first network element entity and the trusted server perform trusted authentication; and if the trusted authentication passes, the first network element entity returns the response message. This improves the validity of the trusted authentication and thereby the security of the communication network. The response message may specifically be a response message indicating that the trusted authentication has passed.
Further, in the process of executing trusted authentication, when the trusted server receives a security code sent by the first network element entity, it authenticates the security code. If the security code authentication passes, the trusted server generates an authentication security code based on the security code and sends the authentication security code to the first network element entity, so that the first network element entity verifies the authentication security code. If the authentication security code verification passes, the trusted authentication passes; at this point the first network element entity returns a response message, and the trusted server receives the response message returned by the network element entity. The security of the communication network is thereby improved through bidirectional trusted authentication. Further, if the security code authentication fails, the trusted server may record information of the network element device and generate, according to the generated error code, alarm information indicating that the security code authentication failed, so that a user of the trusted server can handle the alarm information in time. The trusted server may be preset with a trusted algorithm for authenticating the security code, and the first network element entity may be preset with a security algorithm for verifying the authentication security code.
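The bidirectional exchange described above can be sketched as follows. This is an added example, not code from the patent: the patent does not name the trusted algorithm or the security algorithm, so HMAC-SHA256 over a fresh nonce with a key pre-provisioned per network element is assumed, and the element id, key, error codes and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed provisioning data: one pre-shared key per network element (assumption).
PROVISIONED_KEYS = {"ne-01": b"constructed-demo-key-for-ne-01"}
ERR_UNKNOWN_ELEMENT, ERR_BAD_CODE, ERR_REPLAY = "E01", "E02", "E03"  # hypothetical


def _mac(key: bytes, direction: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields. The direction label keeps a
    server-bound code from being reflected back as a valid server reply."""
    h = hmac.new(key, direction, hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class NetworkElement:
    def __init__(self, element_id: str, key: bytes):
        self.element_id, self._key = element_id, key
        self._nonce = self._tag = b""

    def make_security_code(self) -> dict:
        """Sent to the trusted server once the trusted self-check has passed."""
        self._nonce = secrets.token_bytes(16)
        self._tag = _mac(self._key, b"NE->TS", self.element_id.encode(), self._nonce)
        return {"id": self.element_id, "nonce": self._nonce, "tag": self._tag}

    def verify_auth_code(self, auth_code: Optional[bytes]) -> Optional[dict]:
        """Return the response message only if the server's code verifies."""
        if not auth_code or not self._tag:
            return None
        expected = _mac(self._key, b"TS->NE", self._nonce, self._tag)
        if not hmac.compare_digest(auth_code, expected):
            return None
        return {"id": self.element_id, "result": "trusted-authentication-passed"}


class TrustedServer:
    def __init__(self, keys: dict):
        self._keys = dict(keys)
        self._seen = set()   # (id, nonce) pairs already accepted
        self.alarms = []     # recorded (element id, error code) pairs

    def _alarm(self, element_id: str, error_code: str) -> None:
        self.alarms.append((element_id, error_code))
        return None

    def authenticate(self, code: dict) -> Optional[bytes]:
        """Authenticate the security code; on success derive the authentication
        security code from it, on failure record the element and an error code."""
        key = self._keys.get(code["id"])
        if key is None:
            return self._alarm(code["id"], ERR_UNKNOWN_ELEMENT)
        expected = _mac(key, b"NE->TS", code["id"].encode(), code["nonce"])
        if not hmac.compare_digest(code["tag"], expected):
            return self._alarm(code["id"], ERR_BAD_CODE)
        if (code["id"], code["nonce"]) in self._seen:
            return self._alarm(code["id"], ERR_REPLAY)
        self._seen.add((code["id"], code["nonce"]))
        return _mac(key, b"TS->NE", code["nonce"], code["tag"])


def run_exchange() -> dict:
    """One genuine exchange, then a replayed code, a wrong-key element and a forged reply."""
    server = TrustedServer(PROVISIONED_KEYS)
    genuine = NetworkElement("ne-01", PROVISIONED_KEYS["ne-01"])
    code = genuine.make_security_code()
    response = genuine.verify_auth_code(server.authenticate(code))
    replayed = server.authenticate(code)               # same code presented again
    impostor = NetworkElement("ne-01", b"wrong-key")   # claims ne-01 without its key
    impostor_auth = server.authenticate(impostor.make_security_code())
    forged = genuine.verify_auth_code(b"\x00" * 32)    # reply not made by the server
    return {"response": response, "replayed": replayed, "impostor": impostor_auth,
            "forged": forged, "alarms": list(server.alarms)}


if __name__ == "__main__":
    print(run_exchange())
```

Only the genuine exchange yields a response message; the replayed and wrong-key security codes each leave an alarm record on the server side, and the forged reply is rejected on the element side.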
Receipt of the response message indicates that the trusted detection of the first network element entity has passed. The trusted server then adds the information of the first network element entity to the current trusted network element list, and all network element entities in the current trusted network element list are regarded as trusted network element entities. The information of the first network element entity may be address information of the first network element entity; that is, the current trusted network element list may include the address information of all trusted network element entities. Further, trusted network element information generated based on the current trusted network element list is sent to the first network element entity; when the first network element entity receives the trusted network element information, it stores the trusted network element information in a local white list and performs data transmission according to the local white list. In other words, the first network element entity can only perform data transmission with the network element entities in the local white list, and does not perform data transmission with network element entities outside the local white list.
In step S102, first network element update information generated based on the information of the first network element entity is broadcast to a first trusted network element entity in the communication network, so that the first trusted network element entity adds the information of the first network element entity to a local white list, and performs data transmission according to the updated local white list.
In the embodiment of the present invention, the information of the first trusted network element entity is contained in the current trusted network element list. The first trusted network element entity may be all trusted network element entities in the trusted network element list except the first network element entity, may be the trusted network element entities in the trusted network element list of the same type as the first network element entity, or may be the trusted network element entities in the trusted network element list that have a direct communication association with the first network element entity; this may be determined according to actual needs. After the first trusted network element entity adds the information of the first network element entity to its local white list, the local white list is updated, and the first trusted network element entity performs data transmission according to the updated local white list. The local white list of the first trusted network element entity indicates the network element entities in the communication network with which the first trusted network element entity can perform data transmission.
In the embodiment of the present invention, when a response message indicating that trusted detection has passed is received from a first network element entity newly added to the communication network, the information of the first network element entity is added to a current trusted network element list, so that the first network element entity is treated as a trusted network element entity in the communication network. Trusted network element information generated based on the current trusted network element list is sent to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list and performs data transmission according to the local white list. First network element update information generated based on the information of the first network element entity is broadcast to the first trusted network element entity in the communication network, so that the first trusted network element entity adds the information of the first network element entity to its local white list and performs data transmission according to the updated local white list, wherein the information of the first trusted network element entity is included in the current trusted network element list. The security of the communication network is therefore guaranteed by automatically maintaining the local white lists of the trusted network element entities when new equipment is added to the communication network.
Embodiment two:
Fig. 2 shows an implementation flow of the secure and trusted network guaranteeing method provided by the second embodiment of the present invention. For convenience of description, only the parts related to the second embodiment are shown, which are detailed as follows:
In step S201, all trusted network element entities in the current trusted network element list are controlled to periodically perform trusted detection.
In the embodiment of the present invention, a trusted detection period may be preset for the trusted network element entities in the trusted network element list; for example, each trusted network element entity is controlled to perform trusted detection every 5 minutes. The initial detection time of the trusted detection period of each trusted network element entity may be the same or different. For example, the trusted server starts timing from the moment each trusted network element entity returns a response message for the first time and periodically sends a periodic trusted detection instruction to that trusted network element entity according to the set trusted detection period, so that the trusted network element entity periodically performs trusted detection. As another example, when adding the information of the first network element entity to the trusted network element list, the trusted server periodically broadcasts periodic detection instructions to all trusted network element entities in the trusted network element list according to a set trusted self-check period, so that all trusted network element entities in the current trusted network element list periodically perform trusted detection. For the process by which a trusted network element entity in the trusted network element list performs trusted detection, refer to the description of trusted detection by the first network element entity in the first embodiment, which is not repeated here.
In step S202, if a response message returned by the second trusted network element entity for the current trusted detection period is not received, the information of the second trusted network element entity is removed from the current trusted network element list.
In the embodiment of the present invention, a time length threshold may be preset. The threshold may be determined based on the time difference between sending the periodic detection instruction and receiving the response message in each trusted detection period, or based on the time difference (second time difference) between the response messages received in two adjacent trusted detection periods. Timing starts from the moment the periodic detection instruction of the current trusted detection period is sent, or from the moment the response message of the previous trusted detection period was received. If the response messages of the trusted network element entities are received within the time length threshold, all trusted network element entities in this trusted detection period may still be regarded as trusted network element entities. If, after the timed duration reaches the preset time length threshold, no response message for the current trusted detection period has been received from the second trusted network element entity, the trusted detection of the second trusted network element entity in the current trusted detection period has failed and the second trusted network element entity is no longer regarded as a trusted network element entity; at this point the information of the second trusted network element entity is removed from the current trusted network element list. The second trusted network element entity may be one or more network element entities in the current trusted network element list that did not return a response message.
Preferably, if no response message for the current trusted detection period is received from the second trusted network element entity, the second trusted network element entity is taken offline or isolated outside the communication network, which further guarantees the security of the network.
In step S203, second network element update information is generated based on the information of the second trusted network element entity, and the second network element update information is broadcast to a third trusted network element entity in the communication network, so that the third trusted network element entity removes the information of the second trusted network element entity from the local whitelist.
In the embodiment of the present invention, after the second network element update information is generated, the second network element update information is broadcast to a third trusted network element entity in the communication network, and the third trusted network element entity removes the information of the second trusted network element entity from the local white list when receiving the second network element update information, so that the trusted network element entity is deleted from the white list of the third trusted network element entity in time when the trusted network element entity is not trusted, thereby implementing automatic update of the local white list, and further improving the security of the communication network. The information of the third trusted network element entity is contained in the current trusted network element list, the third trusted network element entity is the same as or different from the first trusted network element entity, and the specific description of the third trusted network element entity may refer to the related description of the first trusted network element entity, which is not described herein again.
In the embodiment of the present invention, all trusted network element entities in the current trusted network element list are controlled to periodically perform trusted detection. If a response message returned by the second trusted network element entity for the current trusted detection period is not received, the information of the second trusted network element entity is removed from the current trusted network element list, second network element update information is generated based on the information of the second trusted network element entity, and the second network element update information is broadcast to a third trusted network element entity in the communication network, so that the third trusted network element entity removes the information of the second trusted network element entity from its local white list, where the information of the third trusted network element entity is included in the current trusted network element list. The trusted network element entities are thus controlled to periodically perform trusted detection, and untrusted network element entities are removed from the local white lists automatically and in time according to the results of the periodic trusted detection, which further improves the security of the communication network.
Example three:
Fig. 3 shows an implementation flow of a secure and trusted network securing method provided by the second embodiment of the present invention. For convenience of description, only the parts related to the second embodiment of the present invention are shown, which are detailed as follows:
In step S301, when the first network element entity is powered on, the first network element entity performs trusted detection.
The embodiment of the present invention is applicable to a network element entity in a communication network, and is particularly applicable to a network element entity in a 5G communication network. Taking the 5G communication network as an example, the network element entity may be a base station, or any network element entity in a 5G core network (e.g., a UPF (User Plane Function) entity, an SMF (Session Management Function) entity, an AMF (Access and Mobility Management Function) entity, or an MEC (Multi-Access Edge Computing) entity). The first network element entity is a network element entity newly added to the communication network, and when the first network element entity is powered on, the first network element entity performs trusted detection.
In the process of performing the trusted detection by the first network element entity, preferably, the first network element entity performs a trusted self-check, if the trusted self-check passes, the first network element entity performs trusted authentication, and if the trusted authentication passes, the first network element entity returns a response message, so that the validity of the trusted authentication is improved, and further the security of the communication network is improved, wherein the response message may be specifically used to indicate that the trusted authentication passes.
In the process of performing the trusted self-check, preferably, the first network element entity performs the hardware trusted self-check, if the hardware trusted self-check passes, the first network element entity performs the software trusted self-check, and if the software trusted self-check passes, the first network element entity determines that the trusted self-check passes, so that the comprehensiveness of the trusted self-check is improved, and the security of the communication network is further improved. Further, if the hardware trusted self-check or the software self-check fails, the first network element entity sends alarm information to a preset operation and maintenance platform, so that a user of the operation and maintenance platform maintains the first network element entity. In the specific implementation, an address of an operation and maintenance platform can be pre-stored in each network element entity, if the trusted self-check of the hardware fails, the hardware of the first network element entity is started and stopped, and first warning information used for indicating that the trusted self-check of the network element entity hardware fails can be sent to the operation and maintenance platform according to the stored address of the operation and maintenance platform; and if the software credibility self-check fails, starting and stopping the first network element entity software, and sending second alarm information for indicating that the credibility self-check of the network element entity software fails to pass to the operation and maintenance platform according to the saved address of the operation and maintenance platform, so that a user of the operation and maintenance platform can timely maintain the network element entity with abnormal credibility self-check based on the first or second alarm information.
In the process of performing trusted authentication by the first network element entity, preferably, if the trusted self-check passes, the first network element entity sends the generated security code to the trusted server, so that the trusted server authenticates the received security code, if the authenticated security code returned by the trusted server based on the security code is received, the first network element entity verifies the authenticated security code, if the verification passes, it is determined that the trusted authentication of the first network element entity passes, and at this time, a response message indicating that the trusted authentication passes is returned, thereby improving the security of the communication network. Further, if the authentication security code is not verified, alarm information can be sent to the operation and maintenance platform according to the generated error code, and the operation and maintenance platform is timely notified to a user for maintenance.
In step S302, if the trusted detection passes, the first network element entity sends a response message used for indicating that the trusted detection passes to a trusted server in the communication network, so that the trusted server adds information of the first network element entity to a current trusted network element list based on the response message, and sends trusted network element information to the first network element entity and first network element update information to the first trusted network element entity.
In this embodiment of the present invention, the first network element update information may be used to instruct the first trusted network element entity to add the information of the first network element entity to the local white list, where the information of the first trusted network element entity is included in the current trusted network element list. Specifically, when the trusted server receives a response message returned by the first network element entity, the trusted server adds the information of the first network element entity to the current trusted network element list, and sends first network element update information generated based on the information of the first network element entity to the first trusted network element entity. The first trusted network element entity is included in the current trusted network element list; for its specific description, reference may be made to the related description in the first embodiment, which is not repeated here.
In step S303, when the first network element entity receives the trusted network element information, the trusted network element information is stored in the local white list, so as to perform data transmission according to the local white list.
In the embodiment of the present invention, before the trusted network element information is stored in the local white list, it may be further checked whether the information in the local white list is completely deleted, and if not, the information in the local white list is deleted. The local white list of the first network element entity is used to indicate the network element entity that the first network element entity can perform data transmission in the communication network, and when receiving the trusted network element information sent by the trusted server, the first network element entity can perform data transmission based on the local white list.
After the trusted network element information is stored in the local white list, preferably, under the control of the trusted server, the first network element entity periodically performs trusted detection as a trusted network element entity, and when receiving second network element update information sent by the trusted server, the first network element entity removes the information of the second trusted network element entity from the local white list. In this way, when the second trusted network element entity is no longer trusted, it is deleted from the local white list in time, the local white list is updated automatically, and the security of the communication network is further improved. The information of the second trusted network element entity is contained in the second network element update information, where the second network element update information is used to instruct the first network element entity to remove the information of the second network element entity from the local white list, and the second trusted network element entity is one or more trusted network element entities in the trusted network element list that do not return a response message. In a specific implementation, the first network element entity, acting as a trusted network element entity, periodically performs trusted detection according to the received periodic self-check instruction sent by the trusted server; for the specific implementation, reference may be made to the description of the first network element entity performing trusted detection in step S301, which is not repeated here.
In step S304, when the first trusted network element entity receives the first network element update information, the information of the first network element entity is updated to the local white list, so as to perform data transmission according to the updated local white list.
In this embodiment of the present invention, for the first trusted network element entity, reference may be made to the related description in the foregoing first embodiment, which is not repeated here.
In the embodiment of the present invention, when the first network element entity is powered on, the first network element entity performs trusted detection. If the trusted detection passes, the first network element entity sends a response message indicating that the trusted detection passes to a trusted server in the communication network, so that the trusted server adds the information of the first network element entity to the current trusted network element list based on the response message, and sends trusted network element information to the first network element entity and first network element update information to the first trusted network element entity, where the information of the first trusted network element entity is included in the current trusted network element list. When the first network element entity receives the trusted network element information, it saves the trusted network element information to its local white list and performs data transmission according to the local white list. When the first trusted network element entity receives the first network element update information, it updates the information of the first network element entity to its local white list and performs data transmission according to the updated local white list. The local white lists are thereby maintained automatically, which improves the security of the communication network.
Example four:
Fig. 4 shows an implementation flow example of a secure and trusted network securing method provided by the fourth embodiment of the present invention. For convenience of description, only the parts related to the embodiment of the present invention are shown, which are detailed as follows:
in step S401, when the first network element entity is powered on, the first network element entity performs a hardware trusted self-check, if the hardware trusted self-check passes, step S402 is performed, otherwise step S413 is performed;
in step S402, the first network element entity performs software trusted self-check, if the software trusted self-check passes, step S403 is performed, otherwise, step S413 is performed;
in step S403, the first network element entity sends the generated security code to the trusted server;
in step S404, the trusted server authenticates the received security code;
in step S405, if the authentication passes, the trusted server sends an authentication security code generated based on the security code to the first network element entity;
in step S406, the first network element entity verifies the authentication security code, if the verification passes, step S407 is executed, otherwise step S413 is executed;
in step S407, the first network element entity sends a response message indicating that the trusted authentication passes to the trusted server;
in step S408, the trusted server adds the information of the first network element entity to the trusted network element list, so as to use the first network element entity as a trusted network element entity, and executes step S409 and step S411 respectively;
in step S409, the trusted server sends trusted network element information generated based on the current trusted network element list to the first network element entity;
in step S410, the first network element entity stores the trusted network element information in a local white list, so as to perform data transmission according to the local white list;
in step S411, the trusted server generates first network element update information based on the information of the first network element entity, and broadcasts the first network element update information to the first trusted network element entity in the trusted network list, where the information of the first trusted network element entity is included in the current trusted network list;
in step S412, the first trusted network element entity adds the information of the first network element entity to the local white list according to the first network element update information, so as to perform data transmission according to the updated white list;
in step S413, the alarm information is sent to the operation and maintenance platform.
In the embodiment of the present invention, the detailed implementation of steps S401 to S413 may refer to the related descriptions of the first to third embodiments, and are not repeated herein.
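The power-on sequence of steps S401 to S413 (described in detail in the third embodiment), as an added in-process simulation rather than code from the patent. The patent does not say how the security code or the self-checks are computed; the HMAC-SHA256 construction over a per-device provisioned key, the SHA-256 image comparison, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def mac(key, label, payload):
    # Assumed construction: HMAC-SHA256 keyed with a per-device provisioned secret.
    return hmac.new(key, label + b"|" + payload, hashlib.sha256).digest()


class OpsPlatform:
    """Operation and maintenance platform that collects alarm information (S413)."""
    def __init__(self):
        self.alarms = []

    def alarm(self, ne_id, reason):
        self.alarms.append((ne_id, reason))


class TrustedServer:
    def __init__(self, device_keys):
        self.device_keys = device_keys   # ne_id -> provisioned secret (assumption)
        self.members = {}                # current trusted network element list
        self.authenticated = set()       # passed S404, response message not yet received

    def authenticate(self, ne_id, nonce, code):
        """S404-S405: check the security code, return the authentication security code."""
        key = self.device_keys.get(ne_id)
        if key is None:
            return None
        if not hmac.compare_digest(mac(key, b"sec", ne_id.encode() + nonce), code):
            return None
        self.authenticated.add(ne_id)
        return mac(key, b"auth", code)

    def on_response(self, ne):
        """S407-S412: list the new entity and update every local white list."""
        if ne.ne_id not in self.authenticated:
            return False                 # response message without a passed S404 is ignored
        self.authenticated.discard(ne.ne_id)
        for peer in self.members.values():
            peer.whitelist.add(ne.ne_id)         # S411-S412: first network element update
        self.members[ne.ne_id] = ne              # S408
        ne.whitelist = set(self.members)         # S409-S410: old entries are replaced
        return True


class NetworkElement:
    def __init__(self, ne_id, key, hw_image, sw_image, hw_ref, sw_ref, ops):
        self.ne_id, self.key, self.ops = ne_id, key, ops
        self.hw_image, self.sw_image = hw_image, sw_image
        self.hw_ref, self.sw_ref = hw_ref, sw_ref    # reference digests (assumption)
        self.whitelist = set()

    def power_on(self, server):
        if sha256_hex(self.hw_image) != self.hw_ref:            # S401
            self.ops.alarm(self.ne_id, "hardware trusted self-check failed")
            return False
        if sha256_hex(self.sw_image) != self.sw_ref:            # S402
            self.ops.alarm(self.ne_id, "software trusted self-check failed")
            return False
        nonce = os.urandom(16)
        code = mac(self.key, b"sec", self.ne_id.encode() + nonce)   # S403
        auth = server.authenticate(self.ne_id, nonce, code)
        expected = mac(self.key, b"auth", code)
        if auth is None or not hmac.compare_digest(auth, expected):  # S406
            self.ops.alarm(self.ne_id, "authentication security code not verified")
            return False
        return server.on_response(self)                         # S407


def demo():
    # All images, keys and entity names below are constructed sample values.
    ops = OpsPlatform()
    hw, sw = b"constructed-hardware-image", b"constructed-software-image"
    keys = {"amf-1": b"key-amf", "upf-1": b"key-upf", "smf-1": b"key-smf"}
    server = TrustedServer(keys)

    def make(ne_id, key=None, sw_image=sw):
        return NetworkElement(ne_id, key or keys[ne_id], hw, sw_image,
                              sha256_hex(hw), sha256_hex(sw), ops)

    amf, upf = make("amf-1"), make("upf-1")
    tampered = make("smf-1", sw_image=b"modified-software-image")
    unknown = make("mec-9", key=b"not-provisioned")   # server holds no key for it
    results = [ne.power_on(server) for ne in (amf, upf, tampered, unknown)]
    forged = server.on_response(unknown)   # response message sent without S403-S406
    return results, forged, sorted(amf.whitelist), sorted(upf.whitelist), ops.alarms
```

The server only lists an entity whose security code it authenticated in the same exchange, so a bare "trusted authentication passed" response message from an unauthenticated entity changes no white list.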
Example five:
Fig. 5 shows an implementation flow example of a secure and trusted network securing method provided by the fifth embodiment of the present invention. For convenience of description, only the parts related to the fifth embodiment of the present invention are shown, which are detailed as follows:
in step S501, when a preset trusted detection period arrives, the trusted server broadcasts a periodic detection instruction to all trusted network element entities in the trusted network list;
in step S502, each trusted network element entity in the trusted network list performs a trusted detection based on the periodic detection instruction;
in step S503, if the trusted server does not receive a response message returned by the second trusted network element entity for the current trusted detection period, removing the information of the second trusted network element entity from the current trusted network element list;
in step S504, second network element update information is generated based on the information of the second trusted network element entity, and the second network element update information is broadcast to a third trusted network element entity in the current trusted list;
in step S505, the third trusted network element entity removes the information of the second network element entity from the local white list according to the second network element update information, so as to perform data transmission according to the updated white list.
In the embodiment of the present invention, the detailed implementation of steps S501 to S505 may refer to the description of the first to third embodiments, and will not be described herein again.
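The periodic detection and eviction flow of steps S201 to S203 and S501 to S505, as an added simulation that is not part of the patent text. The class and field names, the 2-second threshold, the message dictionaries and the period-number check on replies are assumptions made for illustration; the sample network elements are constructed, and enrollment is reduced to a single call.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NetworkElement:
    ne_id: str
    reply_delay_s: Optional[float] = 0.2   # None: no response message is returned
    stale_period: bool = False             # constructed fault: reply names the previous period
    whitelist: set = field(default_factory=set)

    def handle_detection(self, period):
        """S502: perform trusted detection and return a response message, if any."""
        if self.reply_delay_s is None:
            return None
        reported = period - 1 if self.stale_period else period
        return {"ne_id": self.ne_id, "period": reported, "delay_s": self.reply_delay_s}

    def handle_update(self, update):
        """S505: apply second network element update information to the local white list."""
        if update["op"] == "remove":
            self.whitelist -= set(update["ne_ids"])


class TrustedServer:
    def __init__(self, threshold_s):
        self.threshold_s = threshold_s     # preset time length threshold
        self.trusted = {}                  # current trusted network element list
        self.isolated = set()              # entities taken offline after a missed period
        self.period = 0

    def enroll(self, ne):
        # Simplified stand-in for the power-on onboarding of the earlier embodiments.
        for peer in self.trusted.values():
            peer.whitelist.add(ne.ne_id)
        self.trusted[ne.ne_id] = ne
        ne.whitelist = set(self.trusted)

    def run_period(self):
        """Run one trusted detection period and return the evicted entity ids."""
        self.period += 1
        # S501: broadcast the periodic detection instruction to every listed entity.
        replies = [ne.handle_detection(self.period) for ne in self.trusted.values()]
        # A reply counts only if it names the current period and arrived in time.
        answered = {
            r["ne_id"] for r in replies
            if r is not None
            and r["period"] == self.period
            and r["delay_s"] <= self.threshold_s
        }
        failed = sorted(set(self.trusted) - answered)
        if not failed:
            return []
        # S503: remove the second trusted network element entities from the list.
        for ne_id in failed:
            del self.trusted[ne_id]
            self.isolated.add(ne_id)
        # S504: broadcast the update to the entities that remain in the list.
        update = {"op": "remove", "ne_ids": failed, "period": self.period}
        for ne in self.trusted.values():
            ne.handle_update(update)
        return failed


def demo():
    server = TrustedServer(threshold_s=2.0)
    nes = {n: NetworkElement(n) for n in ("amf-1", "smf-1", "upf-1", "mec-1")}
    for ne in nes.values():
        server.enroll(ne)

    round1 = server.run_period()            # everyone answers in time
    nes["upf-1"].reply_delay_s = None       # stops answering
    nes["mec-1"].reply_delay_s = 5.0        # answers after the threshold
    round2 = server.run_period()
    nes["smf-1"].stale_period = True        # answers for the wrong period
    round3 = server.run_period()

    whitelists = {n: sorted(ne.whitelist) for n, ne in nes.items()}
    return round1, round2, round3, sorted(server.trusted), whitelists, sorted(server.isolated)
```

Evicted entities receive no further updates, so their own white lists go stale; the protection comes from the remaining entities dropping them.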
It should be noted that, in practical cases, the methods described in the first embodiment and the second embodiment may be performed synchronously, and the methods described in the fourth embodiment and the fifth embodiment may be performed synchronously.
Example six:
Fig. 6 shows a structure of a secure trusted network provisioning apparatus provided in a sixth embodiment of the present invention, which is applied to a trusted server side in a communication network. For convenience of description, only the part related to the embodiment of the present invention is shown, where the structure includes:
a network element information sending unit 61, configured to, when receiving a response message returned by a first network element entity newly added in the communication network and used for indicating that the trusted detection passes, add information of the first network element entity to a current trusted network element list, so that the first network element entity is used as a trusted network element entity in the communication network, and send trusted network element information generated based on the current trusted network element list to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list, and performs data transmission according to the local white list; and
the first information broadcasting unit 62 is configured to broadcast, to a first trusted network element entity in the communication network, first network element update information generated based on information of the first network element entity, so that the first trusted network element entity adds the information of the first network element entity to a local white list, and performs data transmission according to the updated local white list, where the information of the first trusted network element entity is included in a current trusted network element list.
Preferably, the apparatus further comprises:
the detection control unit is used for controlling all the credible network element entities in the current credible network element list to periodically execute credible detection;
the first information deleting unit is used for removing the information of the second trusted network element entity from the current trusted network element list if a response message returned by the second trusted network element entity for the current trusted detection period is not received; and
the second information updating unit is used for generating second network element update information based on the information of the second trusted network element entity and broadcasting the second network element update information to a third trusted network element entity in the communication network, so that the third trusted network element entity removes the information of the second trusted network element entity from the local white list, where the information of the third trusted network element entity is contained in the current trusted network element list.
Preferably, the apparatus further comprises:
the network element entity isolation unit is used for performing an offline operation on the second trusted network element entity, or isolating the second trusted network element entity outside the communication network, if a response message returned by the second trusted network element entity for the current trusted detection period is not received.
In the embodiment of the present invention, each unit of the secure and trusted network security apparatus may be implemented by a corresponding hardware or software unit, and each unit may be an independent software or hardware unit, or may be integrated into a software or hardware unit, which is not limited herein. For specific implementation of each unit of the secure and trusted network security apparatus, reference may be made to the description of the foregoing method embodiment, and details are not described here again.
Example seven:
Fig. 7 shows a structure of a secure trusted network securing apparatus provided by a seventh embodiment of the present invention. For convenience of description, only the parts related to the embodiment of the present invention are shown, which include:
a detection execution unit 71, configured to, when the first network element entity is powered on, execute trusted detection by the first network element entity;
a response message sending unit 72, configured to send, if the trusted detection passes, a response message used for indicating that the trusted detection passes to a trusted server in the communication network by the first network element entity, so that the trusted server adds information of the first network element entity to a current trusted network element list based on the response message, and sends trusted network element information to the first network element entity and first network element update information to the first trusted network element entity, where the information of the first trusted network element entity is included in the current trusted network element list; and
a network element information saving unit 73, configured to, when the first network element entity receives the trusted network element information, save the trusted network element information to a local white list, so as to perform data transmission according to the local white list; and
the first information updating unit 74 is configured to, when the first trusted network element entity receives the first network element update information, update the information of the first network element entity to the local white list, so as to perform data transmission according to the updated local white list.
Preferably, the apparatus further comprises:
the first network element entity is used as a credible network element entity to periodically execute credible detection; and
the second information deleting unit is used for removing, by the first network element entity, the information of the second trusted network element entity from the local white list when receiving the second network element update information sent by the trusted server, where the information of the second trusted network element entity is contained in the second network element update information.
In the embodiment of the present invention, each unit of the secure and trusted network security apparatus may be implemented by a corresponding hardware or software unit, and each unit may be an independent software or hardware unit, or may be integrated into a software or hardware unit, which is not limited herein. For specific implementation of each unit of the secure and trusted network security apparatus, reference may be made to the description of the foregoing method embodiment, and details are not described here again.
Example eight:
Fig. 8 shows a structure of an apparatus according to an eighth embodiment of the present invention, and for convenience of description, only a portion related to the embodiment of the present invention is shown.
The apparatus 8 of an embodiment of the invention comprises a processor 80, a memory 81 and a computer program 82 stored in the memory 81 and executable on the processor 80. When the processor 80 executes the computer program 82, the steps in the above-described method embodiments are implemented, for example, steps S101 to S102 shown in fig. 1, steps S201 to S203 shown in fig. 2, and steps S301 to S304 shown in fig. 3. Alternatively, the processor 80, when executing the computer program 82, implements the functions of the units in the above-described device embodiments, such as the functions of the units 61 to 63 shown in fig. 6, and the functions of the units 71 to 74 shown in fig. 7.
In the embodiment of the present invention, when a response message that is returned by a first network element entity newly added to the communication network and that indicates that trusted detection has passed is received, the information of the first network element entity is added to the current trusted network element list, so that the first network element entity is used as a trusted network element entity in the communication network. Trusted network element information generated based on the current trusted network element list is sent to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list and performs data transmission according to the local white list. First network element update information generated based on the information of the first network element entity is broadcast to the first trusted network element entity in the communication network, so that the first trusted network element entity adds the information of the first network element entity to its local white list and performs data transmission according to the updated local white list. The local white lists of the trusted network element entities are thereby maintained automatically when a new device is added to the communication network, and the security of the communication network is guaranteed.
Example nine:
Fig. 9 shows a structure of a communication system according to a ninth embodiment of the present invention, and only a part related to the embodiment of the present invention is shown for convenience of explanation.
The communication system 9 of the embodiment of the present invention includes a trusted server 90 and a plurality of network element entities 91, where the trusted server 90 includes a secure trusted network security device as described in the fourth embodiment, and the network element entities 91 include a secure trusted network security device as described in the fifth embodiment.
Preferably, the communication system 9 further includes an operation and maintenance platform, configured to receive the alarm information sent by the network element entity or the trusted server, so as to perform maintenance on the trusted server or the network element entity through the operation and maintenance platform.
In the embodiment of the present invention, when a response message that is returned by a first network element entity newly added to the communication network and that indicates that trusted detection has passed is received, the information of the first network element entity is added to the current trusted network element list, so that the first network element entity is used as a trusted network element entity in the communication network. Trusted network element information generated based on the current trusted network element list is sent to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list and performs data transmission according to the local white list. First network element update information generated based on the information of the first network element entity is broadcast to the first trusted network element entity in the communication network, so that the first trusted network element entity adds the information of the first network element entity to its local white list and performs data transmission according to the updated local white list. The local white lists of the trusted network element entities are thereby maintained automatically when a new device is added to the communication network, and the security of the communication network is guaranteed.
Example ten:
In an embodiment of the present invention, a computer-readable storage medium is provided, which stores a computer program. When the computer program is executed by a processor, it implements the steps in the above method embodiments, such as steps S101 to S102 shown in fig. 1, steps S201 to S203 shown in fig. 2, and steps S301 to S304 shown in fig. 3. Alternatively, when executed by the processor, the computer program implements the functions of the units of the above-described apparatus embodiments, such as the functions of the units 61 to 63 shown in fig. 6 and the functions of the units 71 to 74 shown in fig. 7.
In the embodiment of the present invention, when a response message that is returned by a first network element entity newly added to the communication network and that indicates that trusted detection has passed is received, the information of the first network element entity is added to the current trusted network element list, so that the first network element entity is used as a trusted network element entity in the communication network. Trusted network element information generated based on the current trusted network element list is sent to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list and performs data transmission according to the local white list. First network element update information generated based on the information of the first network element entity is broadcast to the first trusted network element entity in the communication network, so that the first trusted network element entity adds the information of the first network element entity to its local white list and performs data transmission according to the updated local white list. The local white lists of the trusted network element entities are thereby maintained automatically when a new device is added to the communication network, and the security of the communication network is guaranteed.
The computer readable storage medium of the embodiments of the present invention may include any entity or device capable of carrying computer program code, a recording medium, such as a ROM/RAM, a magnetic disk, an optical disk, a flash memory, or the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A secure and trusted network guaranteeing method, applied to a trusted server side in a communication network, comprising the following steps:
when a response message returned by a first network element entity newly added to a communication network and indicating that trusted detection has passed is received, adding information of the first network element entity to a current trusted network element list so that the first network element entity serves as a trusted network element entity in the communication network, and sending trusted network element information generated based on the current trusted network element list to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list and performs data transmission according to the local white list;
broadcasting first network element update information generated based on the information of the first network element entity to a first trusted network element entity in a communication network, so that the first trusted network element entity adds the information of the first network element entity to a local white list, and performs data transmission according to the updated local white list, wherein the information of the first trusted network element entity is included in a current trusted network element list.
2. The method of claim 1, wherein the method further comprises:
controlling all trusted network element entities in the current trusted network element list to periodically execute trusted detection;
if the response message returned by a second trusted network element entity for the current trusted detection period is not received, removing the information of the second trusted network element entity from the current trusted network element list;
and generating second network element update information based on the information of the second trusted network element entity, and broadcasting the second network element update information to a third trusted network element entity in the communication network, so that the third trusted network element entity removes the information of the second trusted network element entity from a local white list, and the information of the third trusted network element entity is contained in a current trusted network element list.
3. The method of claim 2, wherein the method further comprises:
and if the response message returned by the second trusted network element entity for the current trusted detection period is not received, performing an offline operation on the second trusted network element entity, or isolating the second trusted network element entity outside the communication network.
4. A secure and trusted network guaranteeing method, applied to a network element entity side in a communication network, comprising the following steps:
when a first network element entity is powered on, the first network element entity executes trusted detection;
if the trusted detection passes, the first network element entity sends a response message indicating that the trusted detection has passed to a trusted server in a communication network, so that the trusted server adds the information of the first network element entity to a current trusted network element list based on the response message, and sends trusted network element information to the first network element entity and first network element update information to a first trusted network element entity, wherein the information of the first trusted network element entity is contained in the current trusted network element list;
when the first network element entity receives the trusted network element information, storing the trusted network element information in a local white list so as to perform data transmission according to the local white list;
and when the first trusted network element entity receives the first network element update information, adding the information of the first network element entity to a local white list, so as to perform data transmission according to the updated local white list.
5. The method of claim 1, wherein the method further comprises:
the first network element entity is controlled by the trusted server and is used as a trusted network element entity to periodically execute trusted detection;
and when receiving second network element updating information sent by the trusted server, the first network element entity removes the information of the second trusted network element entity from a local white list, wherein the information of the second trusted network element entity is contained in the second network element updating information.
6. The method of any one of claims 1 to 5, wherein
a process for performing trusted detection comprises:
the network element entity executes a trusted self-check, wherein the network element entity is the first network element entity or any trusted network element entity in the current trusted list;
if the trusted self-check passes, the network element entity executes trusted authentication;
if the trusted authentication passes, the network element entity returns the response message, wherein the response message is specifically used for indicating that the trusted authentication has passed;
a process for performing the trusted self-check comprises:
the network element entity executes a hardware trusted self-check;
if the hardware trusted self-check passes, the network element entity executes a software trusted self-check;
if the software trusted self-check passes, the network element entity determines that the trusted self-check passes;
a process for performing the trusted authentication comprises:
if the trusted self-check passes, the network element entity sends a generated security code to the trusted server so that the trusted server authenticates the received security code;
if an authentication security code returned by the trusted server based on the security code is received, the network element entity verifies the authentication security code;
if the verification passes, returning the response message;
the process of performing the trusted self-check further comprises:
if the hardware trusted self-check or the software self-check does not pass, the network element entity sends alarm information to a preset operation maintenance platform so that a user of the operation maintenance platform maintains the network element entity.
7. A secure and trusted network guaranteeing apparatus, applied to a trusted server side in a communication network, the apparatus comprising:
a network element information sending unit, configured to, when receiving a response message returned by a first network element entity newly added in a communication network and used to indicate that a trusted detection passes, add information of the first network element entity to a current trusted network element list, so as to use the first network element entity as a trusted network element entity in the communication network, and send trusted network element information generated based on the current trusted network element list to the first network element entity, so that the first network element entity stores the trusted network element information in a local white list, and performs data transmission according to the local white list; and
a first information broadcasting unit, configured to broadcast, to a first trusted network element entity in a communication network, first network element update information generated based on information of the first network element entity, so that the first trusted network element entity adds the information of the first network element entity to a local white list, and performs data transmission according to the updated local white list, where the information of the first trusted network element entity is included in a current trusted network element list.
8. A secure and trusted network guaranteeing apparatus, applied to a network element entity side in a communication network, the apparatus comprising:
a detection execution unit, configured to execute trusted detection by the first network element entity when the first network element entity is powered on;
a response message sending unit, configured to send, by the first network element entity, a response message used for indicating that the trusted detection passes to a trusted server in a communication network if the trusted detection passes, so that the trusted server adds, based on the response message, information of the first network element entity to a current trusted network element list, and causes the trusted server to send trusted network element information to the first network element entity and send first network element update information to the first trusted network element entity, where the information of the first trusted network element entity is included in the current trusted network element list;
a network element information storage unit, configured to store, when the first network element entity receives the trusted network element information, the trusted network element information to a local white list, so as to perform data transmission according to the local white list; and
a first information updating unit, configured to add, when the first trusted network element entity receives the first network element update information, the information of the first network element entity to a local white list, so as to perform data transmission according to the updated local white list.
9. An apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
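
The white-list maintenance described in claims 1 to 5 can be traced with a small simulation. This is an added example, not code from the patent: the class and method names are hypothetical, trusted detection is reduced to a single flag, and excluding an entity's own identifier from its white list is an assumption.

```python
class NetworkElement:
    """Network element entity holding a local white list (claims 4 and 5)."""
    def __init__(self, ne_id, healthy=True):
        self.ne_id = ne_id
        self.healthy = healthy      # assumption: self-check + authentication as one flag
        self.whitelist = set()

    def trusted_detection(self):
        return self.healthy         # False models "no pass response received"

    def on_trusted_info(self, trusted_ids):
        # Full list sent by the server to a newly joined entity.
        self.whitelist = set(trusted_ids) - {self.ne_id}

    def on_update(self, op, ne_id):
        # Incremental update broadcast by the server ("add" or "remove").
        (self.whitelist.add if op == "add" else self.whitelist.discard)(ne_id)

    def accepts(self, peer_id):
        return peer_id in self.whitelist


class TrustedServer:
    """Trusted server owning the current trusted network element list (claims 1 to 3)."""
    def __init__(self):
        self.trusted = {}           # ne_id -> NetworkElement
        self.isolated = set()

    def _broadcast(self, op, ne_id):
        for peer_id, peer in self.trusted.items():
            if peer_id != ne_id:
                peer.on_update(op, ne_id)

    def join(self, ne):
        if not ne.trusted_detection():      # never listed, so no peer learns of it
            return False
        self.trusted[ne.ne_id] = ne
        ne.on_trusted_info(self.trusted.keys())
        self._broadcast("add", ne.ne_id)
        return True

    def detection_cycle(self):
        failed = [i for i, ne in self.trusted.items() if not ne.trusted_detection()]
        for ne_id in failed:
            del self.trusted[ne_id]
            self.isolated.add(ne_id)        # claim 3: take offline or isolate
            self._broadcast("remove", ne_id)
        return failed


def demo():
    server = TrustedServer()
    a, b, c = (NetworkElement(n) for n in ("ne-a", "ne-b", "ne-c"))
    rogue = NetworkElement("ne-x", healthy=False)   # constructed failing entity
    joined = [server.join(n) for n in (a, b, c, rogue)]
    before = sorted(a.whitelist)
    b.healthy = False                               # ne-b stops passing detection
    removed = server.detection_cycle()
    return joined, before, sorted(a.whitelist), removed, c.accepts("ne-b"), b.accepts("ne-a")
```

The last value returned by `demo()` shows that the removed entity keeps its own stale white list; the scheme only takes effect because the remaining trusted entities drop it from theirs.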

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110058610.7A CN112769843A (en) 2021-01-16 2021-01-16 Secure and trusted network guaranteeing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110058610.7A CN112769843A (en) 2021-01-16 2021-01-16 Secure and trusted network guaranteeing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112769843A true CN112769843A (en) 2021-05-07

Family

ID=75702314

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110058610.7A Pending CN112769843A (en) 2021-01-16 2021-01-16 Secure and trusted network guaranteeing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112769843A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023092951A1 (en) * 2021-11-29 2023-06-01 华为技术有限公司 Remote attestation application method, apparatus, device, and system, and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006148197A (en) * 2004-11-16 2006-06-08 Nippon Telegr & Teleph Corp <Ntt> Apparatus, method, and program of distribution management for user information
CN101588244A (en) * 2009-05-08 2009-11-25 中兴通讯股份有限公司 Method and system for authenticating network device
CN102026198A (en) * 2009-09-16 2011-04-20 中兴通讯股份有限公司 System and method for rapid authentication of Bluetooth equipment
CN106027518A (en) * 2016-05-19 2016-10-12 中国人民解放军装备学院 Trusted network connection method based on quasi real-time state feedback
US20200014697A1 (en) * 2018-07-04 2020-01-09 Microsoft Technology Licensing, Llc Whitelisting of trusted accessors to restricted web pages

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210507