CN113037719B - Security interface gateway system based on return access address - Google Patents
Security interface gateway system based on return access address Download PDFInfo
- Publication number
- CN113037719B CN113037719B CN202110214641.7A CN202110214641A CN113037719B CN 113037719 B CN113037719 B CN 113037719B CN 202110214641 A CN202110214641 A CN 202110214641A CN 113037719 B CN113037719 B CN 113037719B
- Authority
- CN
- China
- Prior art keywords
- platform
- path
- sub
- token
- gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a safety interface gateway system based on return access address, comprising: the method comprises the steps that a third-party platform and a security interface gateway exchange key module, the third-party platform obtains a security interface gateway token module, the third-party platform obtains a subsystem token module, and the third-party platform calls a subsystem function interface module by using the security interface gateway token, the token of the subsystem and a digital signature; the invention can uniformly schedule, authenticate and can provide different interface access authorities for different third parties. All operations can also be uniformly recorded in a log, and the sub-platform address, the account number and the password are protected and are not exposed to a third party; different accounts, passwords and authorities do not need to be set for different third parties independently, and authority maintenance is easier to perform.
Description
Technical Field
The invention belongs to the technical field of gateways, and particularly relates to a security interface gateway system based on a return access address.
Background
At present, a software ecosphere generally provides interface services through cooperation among a plurality of platforms or to the outside, and a third party often needs to provide a corresponding access address, an account and a password when needing to interact with a sub-platform. If a plurality of sub-platforms need to be called, a plurality of sets of account passwords exist, each account password and authority need to be set in the corresponding platform or system, and platform maintenance personnel and user personnel are troublesome. Meanwhile, a third-party caller needs to provide information such as a plurality of platform access addresses, account numbers, passwords and the like, and the security is not very high.
Disclosure of Invention
The invention aims to overcome the defects and provides a security interface gateway system based on a return access address, which comprises:
the third-party platform and the security interface gateway exchange key module are used for firstly applying corresponding account number and password, RSAwithMD5 key pairs and configuring account numbers, passwords and access rights of corresponding sub-platform interfaces when the third-party platform uses the security interface gateway;
the third party platform acquires a security interface gateway token module: a token for the caller to use the authentication information to obtain the secure interface gateway;
the third party platform acquires a sub-platform token module: the system comprises a security interface gateway, a token and a sub-platform, wherein the security interface gateway is used for calling an interface packaged by a corresponding sub-platform through the security interface gateway to perform sub-platform authentication and acquire related path information and the token of the sub-platform; a calling party initiates a request through a related path, and the security interface gateway performs authority verification on the request path, analyzes the path into a real sub-platform path and acquires an account password of a corresponding sub-platform; replacing the path, the account and the password in the calling request of the calling party with the actual path, the account and the password information of the sub-platform, and forwarding the token of the sub-platform to the sub-platform; the sub-platform returns an authentication result to the security interface gateway, and the security gateway encapsulates path information in the returned authentication information into a security gateway address according to an address encapsulation rule; then forwarding the returned header and the encapsulated information to the caller;
the third party platform uses the security interface gateway token, the token of the sub-platform, the digital signature to call the sub-platform functional interface module, and the caller requests the sub-platform functional interface from the gateway and needs to add 2 pieces of authentication information at the head: token of security gateway and token of sub-platform, 1 signature: signature based on RSAwithMD 5; the request path is a packaged security interface gateway path acquired during the certification of the sub-platform, and other request methods and information are in a sub-platform standard format; after receiving the request of the caller, the security gateway carries out security gateway token, interface authority and signature verification in sequence, then carries out request path analysis and forwards the head and data to the sub-platform according to the analyzed address; and after receiving the information returned by the sub-platform, the security gateway encapsulates the url information in the data according to the encapsulation address rule, signs according to the signature rule and returns the url information to the third party caller.
The address encapsulation rule is as follows: base64 encoding of the security interface gateway master address/interface type returned by the sub-platform/path information returned by the sub-platform.
The signature rule is as follows: the signature generated by encrypting the requested functional path + parameter + body using the RSAwithMD5 using the private key is stored in the header information.
The address resolution rule is as follows: and (3) the base64 encoding in the encapsulation address of the request is analyzed into a sub-platform real path and replaced into a main request path, and the base64 encoding following functional path is kept unchanged.
When the safety interface gateway system works, an authentication request is initiated to the gateway, and parameters are as follows: account number, password, user type;
verifying the account number, the password and the user type;
returning to a security interface gateway token;
initiating an OpenStack authentication request to a gateway, wherein the parameters comprise OpenStack standard authentication interface parameters and a security interface gateway token;
verifying a security interface gateway token and an interface access authority;
acquiring OpenStack authentication information from a database, and replacing the authentication information in the third party request;
initiating an authentication request to an OpenStack platform;
an OpenStack platform authentication request;
returning an OpenStack platform authentication result;
the safety interface gateway packages the path information in the authentication result of the OpenStack platform;
returning authentication information to a third-party platform, wherein the authentication information comprises the token and the node information of the OpenStack;
initiating an OpenStack functional interface call request to a security interface gateway, wherein the request path is a packaged path, and the request parameters are OpenStack standard authentication interface parameters, security interface gateway token, token of OpenStack and digital signature;
verifying a token of a security interface gateway, an interface calling authority, a token of an OpenStack and a digital signature;
decrypting the request path called by the third party according to the path decryption rule to obtain a real OpenStack access path;
forwarding a third-party platform request according to the real OpenStack access path;
OpenStack processes the request;
returning OpenStack data;
if the OpenStack data contains path data, packaging and replacing the path according to a path packaging rule;
adding a digital signature of the returned data in the header information according to the signature rule;
and returning the encapsulated data to the third-party platform.
The invention has the following effects: 1. unified scheduling, authentication and authorization can provide different interface access authorities for different third parties. All operations may also be logged uniformly. 2. Protecting the sub-platform address, the account number and the password from being exposed to a third party; different accounts, passwords and authorities do not need to be independently set for different third parties, and authority maintenance is easier to perform. 3. The request and response data are encrypted bidirectionally (RSAwithMD5) to ensure data security. 4. The interface rules of the sub-platform are completely followed, and the sub-platform does not need to be modified. 5. The invention only encodes the main path and adds corresponding authentication and key information in the header in the original direct calling mode without changing the original calling mode and data format, thereby greatly saving the secondary development cost of the calling party.
Detailed Description
The invention is further illustrated by the following specific examples:
a return access address based secure interface gateway system comprising:
the safety interface gateway provides functions of authentication, digital signature, URL encapsulation and the like, provides data safety interaction between a third-party platform and a sub-platform, and is mainly realized by four parts: the third party platform and the secure interface gateway exchange keys. And the third party platform acquires a security interface gateway token. And the third-party platform acquires the token of the sub-platform. And the third party platform calls the functional interface of the sub-platform by using the security interface gateway token, the token of the sub-platform and the digital signature.
The third party platform and the security interface gateway exchange keys: when using the security interface gateway, the third-party platform (caller) first applies for a corresponding account password and RSAwithMD5 key pair (since bidirectional authentication is used, the caller also needs to provide a set of key pair and provide a public key to the security interface gateway), and configures the account, password and access right of the corresponding sub-platform interface.
The third party platform acquires a security interface gateway token: and the caller acquires the token of the security interface gateway by using the authentication information. When a caller uses the authentication information to obtain a token of the security interface gateway, the caller can extract the authentication information, the authentication information comprises normal authentication information and abnormal authentication information, and a test set and a training set are obtained from the authentication information; collecting lexical analysis data of the authentication information, labeling identification symbols on the lexical analysis data, collecting syntax trees of the authentication information to generate a plurality of syntax tree nodes, adding label vectors, drawing CFG (computational fluid dynamics) of the authentication information, and connecting the nodes to function call nodes with data interrelations to obtain a source code relational graph of the authentication information; constructing a multi-dimensional eigenvector space, extracting variable name values of authentication information and permutation combinations of the variable names and the operational characters, wherein the first permutation combination is associated with the 1 st bit of the eigenvector, the second permutation combination is associated with the 2 nd bit of the eigenvector, and numbers in the eigenvector correspond to different variable name value values or the occurrence times of the permutation combinations; storing the times corresponding to the features in the positions in the corresponding vector space to obtain eigenvectors; inputting the eigenvector into a classifier comprising a plurality of decision trees for training, and constructing P judgment models for the trained classifier comprising the decision trees, wherein the P judgment models are used for detecting abnormal authentication information in the authentication information, the 1 st judgment model consists of two classifiers, and the P judgment model consists of one classifier; wherein i is an integer of 1 to P-1; if the judgment results of the two classifiers in the ith judgment model are the same, judging that the task is finished; if the judgment results of the two classifiers in the ith judgment model are different, continuing to judge through the (i + 1) th judgment model; if the judgment results obtained by the two classifiers in the P-1 judgment model are different, judging through a P judgment model, wherein the P judgment model obtains the judgment result based on one classifier in the N judgment model; when P is 3, namely a first judgment model, a second judgment model and a third judgment model; the first judgment model is composed of a classifier of the structured semantic representation of the first authentication information and the structured semantic representation of the second authentication information; the second judgment model is composed of a classifier of structured semantic representation of third authentication information and structured semantic representation of fourth authentication information; the third judgment model is composed of a classifier represented by the structured semantic representation of third authentication information or a classifier represented by the structured semantic representation of fourth authentication information, the structured semantic representation of the first authentication information, the structured semantic representation of the second authentication information, the structured semantic representation of the third authentication information and the structured semantic representation of the fourth authentication information respectively select one of lexical analysis data, syntax tree, CFG and source code relational graph, the first authentication information characteristic is an arrangement combination of a variable name and an operator, and the second authentication information characteristic is a variable name value; or, the first authentication information characteristic is a variable name value, and the second authentication information characteristic is a permutation and combination of a variable name and an operator. The first judgment model consists of a classifier which is trained by the permutation and combination of variable names and operational characters of syntax trees and comprises a plurality of decision trees, and a classifier which is trained by the variable name values of lexical analysis data and comprises a plurality of decision trees; the second judgment model consists of a classifier which is trained by the permutation and combination of the variable name and the operational character of the CFG and comprises a plurality of decision trees, and a classifier which is trained by the variable name value of the source code relational graph and comprises a plurality of decision trees; the third judgment model is composed of a classifier which is trained by the permutation and combination of variable names and operators of the source code relational graph and comprises a plurality of decision trees. And the platform is prevented from being invaded by detecting abnormal authentication information.
The third party platform acquires a token of the sub-platform: and after the caller takes the token, the secure interface gateway calls the interface encapsulated by the corresponding sub-platform to carry out sub-platform authentication and acquire the relevant path information and the token of the sub-platform. The caller initiates a request through a related path, and the security interface gateway performs operations of authority verification on the request path, path analysis into a real sub-platform path, account password acquisition of a corresponding sub-platform and the like. And replacing the path, the account and the password in the calling request of the calling party with the actual path, account and password information of the sub-platform, and forwarding the token of the sub-platform to the sub-platform. The sub-platform returns the authentication result to the security interface gateway, and the security gateway encapsulates the path information in the returned authentication information into a security gateway address according to an address encapsulation rule (the address encapsulation rule is shown at the end of the current chapter). The returned header and encapsulated information is then forwarded to the caller.
The third party platform uses the security interface gateway token, the token of the sub-platform and the digital signature to call the functional interface of the sub-platform: the caller requests the sub-platform functional interface from the gateway and needs to add 2 pieces of authentication information at the header: token of security gateway and token of sub-platform, 1 signature: signature based on RSAwithMD5 (see the signature rule at the end of this chapter). The request path is a packaged security interface gateway path acquired during the certification of the sub-platform, and other request methods and information are in a sub-platform standard format. After receiving the request of the caller, the security gateway carries out security gateway token, interface authority and signature verification in sequence, then carries out request path analysis and forwards the head and data to the sub-platform according to the analyzed address. And after receiving the information returned by the sub-platform, the security gateway encapsulates the url information in the data according to the encapsulation address rule, signs according to the signature rule (the rule is shown at the end of the current chapter), and returns the information to the third-party caller.
And (3) address encapsulation rules: base64 encoding of the security interface gateway master address/interface type returned by the sub-platform/path information returned by the sub-platform.
Signature rules: the signature generated by encrypting the requested functional path + parameter + body using the RSAwithMD5 using the private key is stored in the header information.
The address resolution rule is as follows: and (3) the base64 encoding in the encapsulation address of the request is analyzed into a sub-platform real path and replaced into a main request path, and the base64 encoding following functional path is kept unchanged.
In a medical cloud management platform project, an OpenStack interface needs to be provided for a disaster recovery platform to complete related functions of disaster recovery, and a safety interface gateway scheme is used in consideration of problems of safety, authority control and the like.
And configuring information such as a disaster recovery platform account number, a password, an interface authority, a secret key and the like on the medical cloud and cloud management platform.
And the interface calling is completed according to the following steps:
1. initiating an authentication request to the gateway, wherein the parameters are as follows: account number, password, user type.
2. And verifying the account number, the password and the user type.
3. And returning to the security interface gateway token.
4. And initiating an OpenStack authentication request to the gateway, wherein the parameters comprise OpenStack standard authentication interface parameters and a security interface gateway token.
5. And verifying the token and the interface access authority of the safety interface gateway.
6. And acquiring OpenStack authentication information from the database, and replacing the authentication information in the third party request.
7. And initiating an authentication request to the OpenStack platform.
An OpenStack platform authentication request.
9. And returning an OpenStack platform authentication result.
10. And the safety interface gateway encapsulates the path information in the authentication result of the OpenStack platform.
11. And returning authentication information to the third-party platform, wherein the authentication information comprises the token and the node information of the OpenStack.
12. And initiating an OpenStack functional interface call request to the security interface gateway, wherein the request path is a packaged path, and the request parameters are OpenStack standard authentication interface parameters, security interface gateway token, token of OpenStack and digital signature.
13. And verifying the token of the security interface gateway, the interface calling authority, the token of the OpenStack and the digital signature.
14. And decrypting the request path called by the third party according to the path decryption rule to obtain a real OpenStack access path.
15. And forwarding the third-party platform request according to the real OpenStack access path.
OpenStack processes the request.
17. And returning OpenStack data.
18. And if the OpenStack data contains path data, packaging and replacing the path according to a path packaging rule.
19. And adding the digital signature of the returned data in the header information according to the signature rule.
20. And returning the packaged data to the third-party platform.
Wherein, the address encapsulation rule is as follows: base64 encoding of the security interface gateway master address/interface type returned by the sub platform/path information returned by the sub platform.
Before packaging
After packaging
Signature rules: the signature generated by encrypting the requested functional path + parameter + body using the RSAwithMD5 using the private key is stored in the header information.
Taking the example of a query mirror list interface, which is a GET call, without parameters and body signature part, only for path part signature (red part):
https://172.168.11.11/api/OpenStack/rest/image/aHR0cDovLzE3Mi4xNjguMTEuMjA5OjkyOTI=/v2/images
and (4) storing in the head:
the address resolution rule is: and (3) the base64 encoding in the encapsulation address of the request is analyzed into a sub-platform real path and replaced into a main request path, and the base64 encoding following functional path is kept unchanged.
Taking the interface of the query mirror list as an example, before analysis:
https://172.168.11.11/api/OpenStack/rest/image/aHR0cDovLzE3Mi4xNjguMTEuMjA5OjkyOTI=/v2/images
after analysis:
http://172.168.11.209:9292/v2/images。
Claims (5)
1. a return access address based secure interface gateway system comprising:
the third-party platform and the security interface gateway exchange key module are used for firstly applying corresponding account number and password, RSAwithMD5 key pairs and configuring account numbers, passwords and access rights of corresponding sub-platform interfaces when the third-party platform uses the security interface gateway;
the third party platform acquires a security interface gateway token module: a token for the caller to use the authentication information to obtain the secure interface gateway;
the third party platform acquires a sub-platform token module: the system comprises a security interface gateway, a token and a sub-platform, wherein the security interface gateway is used for calling an interface packaged by a corresponding sub-platform through the security interface gateway to perform sub-platform authentication and acquire related path information and the token of the sub-platform; a calling party initiates a request through a related path, and the security interface gateway performs authority verification on the request path, analyzes the path into a real sub-platform path and acquires an account password of a corresponding sub-platform; replacing the path, the account and the password in the calling request of the calling party with the actual path, the account and the password information of the sub-platform, and forwarding the token of the sub-platform to the sub-platform; the sub-platform returns an authentication result to the security interface gateway, and the security gateway encapsulates path information in the returned authentication information into a security gateway address according to an address encapsulation rule; then forwarding the returned header and the encapsulated information to the caller;
the third party platform uses the security interface gateway token, the token of the sub-platform, the digital signature to call the sub-platform functional interface module, and the caller requests the sub-platform functional interface from the gateway and needs to add 2 pieces of authentication information at the head: token of security gateway and token of sub-platform, 1 signature: signature based on RSAwithMD 5; the request path is a packaged security interface gateway path acquired during the certification of the sub-platform, and other request methods and information are in a sub-platform standard format; after receiving the request of the caller, the security gateway carries out security gateway token, interface authority and signature verification in sequence, then carries out request path analysis and forwards the head and data to the sub-platform according to the analyzed address; and after receiving the information returned by the sub-platform, the security gateway encapsulates the url information in the data according to the encapsulation address rule, signs according to the signature rule and returns the information to the third-party caller.
2. The return access address based secure interface gateway system of claim 1, wherein the address encapsulation rule: base64 encoding of the security interface gateway master address/interface type returned by the sub-platform/path information returned by the sub-platform.
3. A return access address based secure interface gateway system according to claim 1 or 2, wherein the signature rule is: the signature generated by encrypting the requested functional path + parameter + body using the RSAwithMD5 using the private key is stored in the header information.
4. A return access address based secure interface gateway system according to claim 1 or 2, wherein the address resolution rule is: and (3) the base64 encoding in the encapsulation address of the request is analyzed into a sub-platform real path and replaced into a main request path, and the base64 encoding following functional path is kept unchanged.
5. The return access address based secure interface gateway system of claim 4, wherein: when the safety interface gateway system works, an authentication request is initiated to the gateway, and parameters are as follows: account number, password, user type;
verifying the account number, the password and the user type;
returning to a security interface gateway token;
initiating an OpenStack authentication request to a gateway, wherein the parameters comprise OpenStack standard authentication interface parameters and a security interface gateway token;
verifying a security interface gateway token and an interface access authority;
acquiring OpenStack authentication information from a database, and replacing the authentication information in the third party request;
initiating an authentication request to an OpenStack platform;
an OpenStack platform authentication request;
returning an OpenStack platform authentication result;
the safety interface gateway packages the path information in the authentication result of the OpenStack platform;
returning authentication information to a third-party platform, wherein the authentication information comprises the token and the node information of the OpenStack;
initiating an OpenStack functional interface call request to a security interface gateway, wherein the request path is a packaged path, and the request parameters are OpenStack standard authentication interface parameters, security interface gateway token, token of OpenStack and digital signature;
verifying a token of a security interface gateway, an interface calling authority, a token of an OpenStack and a digital signature;
decrypting the request path called by the third party according to the path decryption rule to obtain a real OpenStack access path;
forwarding a third-party platform request according to the real OpenStack access path;
OpenStack processes the request;
returning OpenStack data;
if the OpenStack data contains path data, packaging and replacing the path according to a path packaging rule;
adding a digital signature of the returned data in the header information according to the signature rule;
and returning the encapsulated data to the third-party platform.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110214641.7A CN113037719B (en) | 2021-02-25 | 2021-02-25 | Security interface gateway system based on return access address |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110214641.7A CN113037719B (en) | 2021-02-25 | 2021-02-25 | Security interface gateway system based on return access address |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113037719A CN113037719A (en) | 2021-06-25 |
CN113037719B true CN113037719B (en) | 2022-09-20 |
Family
ID=76461940
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110214641.7A Active CN113037719B (en) | 2021-02-25 | 2021-02-25 | Security interface gateway system based on return access address |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113037719B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113419713A (en) * | 2021-07-20 | 2021-09-21 | 国家电网有限公司客户服务中心 | API packaging arrangement method for network national network service capability |
CN116996493B (en) * | 2023-09-27 | 2024-01-23 | 国网北京市电力公司 | Method, system, equipment and medium for requesting operation interface of artificial intelligent platform |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101741817A (en) * | 2008-11-21 | 2010-06-16 | 中国移动通信集团安徽有限公司 | System, device and method for multi-network integration |
CN111800397A (en) * | 2020-06-23 | 2020-10-20 | 四川虹美智能科技有限公司 | Login method, device and system of intangible asset management platform |
CN111865920A (en) * | 2020-06-18 | 2020-10-30 | 多加网络科技(北京)有限公司 | Gateway authentication and identity authentication platform and method thereof |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10536449B2 (en) * | 2015-09-15 | 2020-01-14 | Mimecast Services Ltd. | User login credential warning system |
US20200045037A1 (en) * | 2018-07-31 | 2020-02-06 | Salesforce.Com, Inc. | Token store service for platform authentication |
-
2021
- 2021-02-25 CN CN202110214641.7A patent/CN113037719B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101741817A (en) * | 2008-11-21 | 2010-06-16 | 中国移动通信集团安徽有限公司 | System, device and method for multi-network integration |
CN111865920A (en) * | 2020-06-18 | 2020-10-30 | 多加网络科技(北京)有限公司 | Gateway authentication and identity authentication platform and method thereof |
CN111800397A (en) * | 2020-06-23 | 2020-10-20 | 四川虹美智能科技有限公司 | Login method, device and system of intangible asset management platform |
Non-Patent Citations (1)
Title |
---|
基于数字证书的openstack身份认证协议;朱智强;《通信学报》;20190228;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN113037719A (en) | 2021-06-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6941146B2 (en) | Data security service | |
CN111447214B (en) | Method for centralized service of public key and cipher based on fingerprint identification | |
US8447983B1 (en) | Token exchange | |
CN113037719B (en) | Security interface gateway system based on return access address | |
US8990553B2 (en) | Perimeter encryption method and system | |
US20110035582A1 (en) | Network authentication service system and method | |
CN106685973A (en) | Method and device for remembering log in information, log in control method and device | |
CN108537314A (en) | Product marketing system and method based on Quick Response Code | |
CN108881327A (en) | A kind of computer internet information safety control system based on cloud computing | |
CN107196761B (en) | A kind of method of core function in protection application program | |
CN106992851A (en) | TrustZone-based database file password encryption and decryption method and device and terminal equipment | |
CN107294921A (en) | The processing method and processing device that a kind of web terminal is accessed | |
CN105262592A (en) | Data interaction method and API interface | |
CN110177134A (en) | A kind of security password manager and its application method based on cloudy storage | |
CN112131564A (en) | Encrypted data communication method, apparatus, device, and medium | |
CN109614789A (en) | A kind of verification method and equipment of terminal device | |
CN112347451A (en) | MES data management tracking method and system based on block chain technology | |
CN112416597A (en) | System calling method and device, computer equipment and storage medium | |
CN112865965B (en) | Train service data processing method and system based on quantum key | |
US11695740B2 (en) | Anonymization method and apparatus, device, and storage medium | |
CN113918977A (en) | User information transmission device based on Internet of things and big data analysis | |
CN113014572A (en) | Message communication system, method and device | |
KR100803357B1 (en) | Method and apparatus for enhancing the security of database | |
CN115033925B (en) | Database security retrieval method | |
CN113676446B (en) | Communication network safety error-proof control method, system, electronic equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20220824 Address after: Room A, 22nd Floor, Building 1, Area F, Fuzhou Software Park, No. 89, Software Avenue, Gulou District, Fuzhou City, Fujian Province, 350001 Applicant after: Fujian Kunmo Information Technology Co.,Ltd. Address before: No.746, Xiongchu Avenue, Hongshan District, Wuhan City, Hubei Province, 430000 Applicant before: Su Hao |
|
GR01 | Patent grant | ||
GR01 | Patent grant |