CN113051350A - Zero trust network access system based on block chain - Google Patents


Info

Publication number: CN113051350A
Application number: CN202110450834.2A
Authority: CN (China)
Prior art keywords: access, blockchain, module, trust, network access
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN113051350B (en)
Inventor: 贺梅青
Current assignee: Hunan Lianju Information Technology Co ltd
Original assignee: Hunan Lianju Information Technology Co ltd
Application filed by Hunan Lianju Information Technology Co ltd
Priority to CN202110450834.2A
Publication of CN113051350A
Application granted; publication of CN113051350B

Classifications

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F16/00: Information retrieval; database structures therefor; file system structures therefor
    • G06F16/20: Information retrieval of structured data, e.g. relational data
    • G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures therefor
    • G06F16/23: Updating
    • G06F16/2365: Ensuring data consistency and integrity
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/33: User authentication using certificates


Abstract

The blockchain-based zero trust network access system disclosed in this application connects user equipment with the application system it requests to access, and comprises: a trust proxy component; an access control component, one end of which is connected to the trust proxy component and the other end to the application system, the access control component and the application system being arranged in the same network; and an enterprise directory blockchain system for storing and distributing the key data of zero trust network access. The enterprise directory blockchain system comprises a plurality of blockchain consensus nodes, each of which communicates with the trust proxy component, the access control component and the application system. Compared with the prior art, the system solves the single point of failure problem, shares and synchronously updates the key data of network access in a timely and consistent way, unifies the data format and the control rules, and achieves safe and efficient integration.

Description

Zero trust network access system based on block chain
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a zero trust network access system based on blockchain.
Background
Zero Trust Network Access (ZTNA) is a class of products and services that creates an identity- and context-based logical access boundary enclosing a user and an application or set of applications. ZTNA access policy is based mainly on the identity of the user, device and application, and an implementation grants access only to a specific application or application system, not to the underlying network. Compared with traditional means such as VPNs and DMZs, ZTNA does not give users broad access to all ports and protocols or to all applications, and so avoids the risk of unrestricted intrusion into the system.
At present a typical zero trust network access architecture is either endpoint-initiated ZTNA or service-initiated ZTNA, and there are products on the market that combine the two. In both, user access relies on a "trust proxy" to verify the user's identity and authority, and the trust proxy needs an enterprise directory identity data end integrated with the back end in order to share and update configuration data such as control policies and user tokens. This gives existing zero trust network access systems several disadvantages: the trust proxy can become a single point of failure; if several trust proxies are deployed to remove that single point of failure, the sharing and synchronisation of key data such as control policies, user tokens and user identities among them can be untimely, inconsistent and insecure; and when the authorised user group of an application system spans organisational entities and countries or regions, differences in data formats, compliance rules and system interfaces make the user identity data hard to integrate.
Therefore, how to provide a zero trust network access system based on a block chain, which can solve the problem of single point of failure, can timely and consistently share and synchronously update key data in network access, unify data formats and control rules, and realize safe and efficient integration, has become a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In order to solve the technical problems, the application provides a zero trust network access system based on a block chain, which can solve the problem of single-point failure, share and synchronously update key data in network access timely and consistently, unify data formats and control rules, and realize safe and efficient integration.
The technical scheme provided by the application is as follows:
the application provides a zero trust network access system based on a block chain, which comprises: the trust proxy component is used for receiving the access request of the user equipment and verifying the identity authority of the user; an access control component connected to the trust proxy component; one end of the access control component is connected with the trust proxy component, and the other end of the access control component is connected with an application system which the user equipment requests to access; the access control component and the application system are arranged in the same network; an enterprise directory blockchain system for storing and distributing critical data for zero trust network access; the enterprise directory blockchain system comprises a plurality of blockchain consensus nodes; the blockchain consensus node is communicated with the trust proxy component, the access control component and the application system.
Further, in a preferred form of the invention, the trust proxy component includes an identity verification module, an access permission module and a session management module; the three modules are communicatively connected to the enterprise directory blockchain system, and read and upload the key data used to update the zero trust network access.
Further, in a preferred form of the invention, the identity verification module is configured to read the key data and verify the validity of the identity of the user initiating the access request; the access permission module is connected to the identity verification module, generates a permission token based on the key data and establishes the session access connection; the session management module is connected to the access permission module and manages the permission token, the session state and the permitted connection data.
Further, in a preferred mode of the invention, the access permission module includes: a license token generation unit communicatively coupled to the enterprise directory blockchain system; an access session establishing unit provided in parallel with the license token generating unit.
Further, in a preferred mode of the invention, the session management module includes: a license token management unit in communication with the enterprise directory blockchain system; a session state management unit and a license connection management unit provided in parallel with the license token management unit.
Further, in a preferred form of the invention, the trust proxy component further includes a front-end docking module, which is communicatively connected to the user equipment to receive its access request; the front-end docking module is connected to the identity verification module and passes the access request to it.
Further, in a preferred form of the invention, a plurality of trust proxy components are provided and arranged in different networks; a plurality of application systems are provided and arranged in different organisational entities; and the blockchain consensus nodes are communicatively connected to the trust proxy components in the different networks and to the application systems in the different organisational entities.
Further, in a preferred mode of the invention, the key data includes: user identity data, access policy data, permission token data, and application connection configuration data.
Further, in a preferred mode of the invention, the enterprise directory blockchain system includes: a data layer, a network layer, a consensus layer, and a contract layer.
Further, in a preferred form of the invention, the trust proxy component comprises a network access controller; the access control component comprises: an access gateway and a network access connector; the access control component is in communication connection with the enterprise directory blockchain system and is used for reading and uploading and updating the key data.
Compared with the prior art, the blockchain-based zero trust network access system comprises: a trust proxy component for receiving the access request of the user equipment and verifying the identity and authority of the user; an access control component connected to the trust proxy component, one end of which is connected to the trust proxy component and the other end to the application system the user equipment requests to access, the access control component and the application system being arranged in the same network; and an enterprise directory blockchain system for storing and distributing the key data of zero trust network access, comprising a plurality of blockchain consensus nodes that communicate with the trust proxy component, the access control component and the application system. The user equipment sends an access request, which the trust proxy component receives; the enterprise directory blockchain system stores the key data of network access, and the trust proxy component connects to it and verifies the identity validity of the accessing user by reading and updating the key data; the access control component is connected to the application system and the trust proxy component and, if the user verification succeeds, establishes the access connection. Secondly, because the blockchain consensus nodes are communicatively connected to the trust proxy component, the access control component and the application system, the key data can be uploaded and updated in time, which ensures its security and consistency and unifies the data format and the control rules.
Compared with the prior art, the technical scheme of the invention can solve the problem of single-point failure, can timely and consistently share and synchronously update the key data in network access, unify the data format and the control rule, and realize safe and efficient integration.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic block diagram of a block chain-based zero-trust network access system according to an embodiment of the present invention;
FIG. 2 is a block diagram illustrating a block chain-based zero trust network access system with multiple trust proxy components in an embodiment of the present invention;
FIG. 3 is a block diagram illustrating the structure of a trust proxy component according to an embodiment of the present invention;
fig. 4 is a block diagram illustrating a block chain system of an enterprise directory according to an embodiment of the present invention.
Description of reference numerals:
a user equipment 1; an application system 2; a trust proxy component 3; a front-end docking module 301; an identity verification module 302; an access permission module 303; a session management module 304; enterprise directory blockchain system 4; a contract layer 501; a consensus layer 502; a network layer 503; a data layer 504; a blockchain consensus node 6; an access control component 7; an intranet system 8; an access session establishment unit 9; a license token generation unit 10; a session state management unit 11; a life cycle management unit 12; a license token management unit 13; a permitted connection management unit 14; a data verification module 15; a node management module 16; a data propagation module 17; an access management module 18; a data sharing module 19; a time stamp module 20; an asymmetric encryption module 21; a data development module 22; a hash function module 23; a random number module 24; a digital signature module 25.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It will be understood that when an element is referred to as being "fixed" or "disposed" on another element, it can be directly on the other element or be indirectly disposed on the other element; when an element is referred to as being "connected to" another element, it can be directly connected to the other element or be indirectly connected to the other element.
It will be understood that the terms "length," "width," "upper," "lower," "front," "rear," "first," "second," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like, as used herein, refer to an orientation or positional relationship indicated in the drawings that is solely for the purpose of facilitating the description and simplifying the description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus should not be construed as limiting the application.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "plurality" or "a plurality" means two or more unless specifically limited otherwise.
It should be understood that the structures, ratios, sizes, and the like shown in the drawings are only used for matching the disclosure of the specification, so as to be understood and read by those skilled in the art, and are not used to limit the practical limit conditions of the present application, so that the modifications of the structures, the changes of the ratio relationships, or the adjustment of the sizes, do not have the technical essence, and the modifications, the changes of the ratio relationships, or the adjustment of the sizes, are all within the scope of the technical contents disclosed in the present application without affecting the efficacy and the achievable purpose of the present application.
As shown in Figs. 1 to 4, the blockchain-based zero trust network access system provided in the embodiment of the present application comprises: a trust proxy component 3 for receiving the access request of the user equipment 1 and verifying the identity and authority of the user; an access control component 7 connected to the trust proxy component 3, one end of which is connected to the trust proxy component 3 and the other end to the application system 2 that the user equipment 1 requests to access, the access control component 7 and the application system 2 being arranged in the same network; and an enterprise directory blockchain system 4 for storing and distributing the key data of zero trust network access, which includes a plurality of blockchain consensus nodes 6 in communication with the trust proxy component 3, the access control component 7 and the application system 2.
The user equipment 1 sends an access request, which the trust proxy component 3 receives; the enterprise directory blockchain system 4 stores the key data of network access, and the trust proxy component 3 connects to it and verifies the identity validity of the accessing user by reading and updating the key data; the access control component 7 is connected to the application system 2 and the trust proxy component 3 and, if the user verification succeeds, establishes the access connection. Secondly, because the blockchain consensus nodes 6 are connected to the trust proxy component 3, the access control component 7 and the application system 2, the key data can be uploaded to and updated in the enterprise directory blockchain system 4 in time, which unifies the data format and the control rules and ensures the security and consistency of the key data.
Compared with the prior art, the technical scheme of the invention can solve the problem of single-point failure, can timely and consistently share and synchronously update the key data in network access, unify the data format and the control rule, and realize safe and efficient integration.
Specifically, in an embodiment of the present invention, the key data includes: user identity data, access policy data, permission token data, and application connection configuration data.
Specifically, in the embodiment of the present invention, the trust proxy component 3 includes: an identity verification module 302, an access permission module 303, and a session management module 304; the identity verification module 302, the access permission module 303, and the session management module 304 are communicatively connected to the enterprise directory blockchain system 4, and read and upload the critical data for updating the zero trust network access.
The identity verification module 302 verifies the identity validity of the accessing user against the key data; if the identity is valid, the request proceeds to the next stage of access, and if it is invalid, the user's access request is refused.
Specifically, in the embodiment of the present invention, the identity verification module 302 is configured to read the key data and verify the validity of the identity of the user initiating the access request; the access permission module 303 is connected with the identity verification module 302, generates a permission token based on the key data and establishes a session access connection; the session management module 304 is connected to the access permission module 303 for managing the permission token, the session state and the permission connection data.
On one hand, the access permission module 303 reads the access control policy data and the application connection configuration data from the enterprise directory blockchain system 4 to generate a permission token, and on the other hand, writes the generated permission token, session state data and application connection attribute data to the enterprise directory blockchain system 4; the session management module 304 reads or writes data, such as the license token, session state data, application connection attributes, etc., from or to the enterprise directory blockchain system 4.
Specifically, in an embodiment of the present invention, the access permission module 303 includes: a license token generation unit 10 communicatively coupled to the enterprise directory blockchain system 4; an access session establishing unit 9 arranged in parallel with said license token generating unit 10.
Specifically, in an embodiment of the present invention, the session management module 304 includes: a license token management unit 13 communicatively coupled to the enterprise directory blockchain system 4; a session state management unit 11 and a license connection management unit 14 provided in parallel with the license token management unit 13.
Specifically, in an embodiment of the present invention, the session management module 304 further includes: a lifecycle management unit 12 connected to the enterprise directory blockchain system 4; the lifecycle management unit 12 comprises: a license token cycle management unit and a session cycle management unit.
Specifically, in the embodiment of the present invention, the trust proxy component 3 further includes: a front-end docking module 301, communicatively connected to the user equipment 1, for receiving an access request from the user equipment 1; the front-end docking module 301 is connected to the identity verification module 302, and sends an access request to the identity verification module 302.
Specifically, in the embodiment of the present invention, a plurality of trust proxy components 3 are provided and arranged in different networks; a plurality of application systems 2 are provided and arranged in different organisational entities; and the plurality of blockchain consensus nodes 6 are communicatively connected to the trust proxy components 3 in the different networks and to the application systems 2 in the different organisational entities, respectively.
Specifically, in an embodiment of the present invention, the different organization entities include intranet systems 8 of different enterprise entities and different intranet systems 8 in the same enterprise entity.
Because the plurality of trust proxy components 3 and the plurality of application systems 2 are arranged in different organisational entities, and the enterprise directory blockchain system 4 is connected to all of them, the zero trust network access system changes from an architecture confined to a single organisational entity to a distributed architecture that spans organisational entities: the key data is shared across those entities in a distributed manner, a user gains seamless access across devices, locations and organisational entities, services can be built across different clouds and different enterprises, and both the application range and the security of the system are improved.
Specifically, in an embodiment of the present invention, the enterprise directory blockchain system 4 includes: a data layer 504, a network layer 503, a consensus layer 502, and a contract layer 501.
Specifically, in an embodiment of the present invention, the data layer 504 includes: a timestamp module 20, a hash function module 23, a random number module 24, an asymmetric encryption module 21 and a digital signature module 25; the network layer 503 includes: a data propagation module 17 and a data verification module 15.
The data layer 504 stores the key data of network access in a distributed manner; through the consensus layer 502, the blockchain consensus nodes 6 keep the key data in the data layer 504 consistent by means of a consensus algorithm and, in combination with the asymmetric encryption module 21 and the hash function module 23, ensure that the key data cannot be tampered with and can be traced, so that zero trust network access is safer.
Specifically, in the embodiment of the present invention, the data layer 504 further includes: a data sharing module 19 and a data development module 22 connected to the timestamp module 20, the hash function module 23, the random number module 24, the asymmetric encryption module 21 and the digital signature module 25.
Specifically, in the embodiment of the present invention, the network layer 503 further includes: an access management module 18 and a node management module 16 connected to the data propagation module 17 and the data verification module 15.
Specifically, in an embodiment of the present invention, the trust proxy component 3 comprises a network access controller; the access control component 7 comprises: an access gateway and a network access connector; the access control component 7 is communicatively connected to the enterprise directory blockchain system 4 for reading and uploading updated key data.
The access control component 7 establishes and carries the user's access connection; it is connected to the enterprise directory blockchain system 4, from which it reads the key data it needs and to which it writes updates such as the access connection status.
Specifically, in the embodiment of the present invention, after the user equipment obtains the access authorization through the trust proxy component 3, a connection path between the user equipment and the application system 2 is established.
The connection path can be established in either of two ways: the access request from the user equipment, carrying the permission token, is forwarded by the trust proxy component 3 and then by the access control component 7 before reaching the application system 2, with the reply returned along the same path; or the access request carrying the permission token is forwarded directly by the access control component 7 to the application system 2, with the reply again returned along the same path.
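The pieces described above, the trust proxy's identity verification, permission token and session management modules, the data layer's timestamp, hash function, random number and digital signature modules, and the access control component that admits a token-bearing request, fit together in one small model. The following Python is an added example written for this page, not the patent's code: the record layout, the field names (identity, policy, token, revoke, status, exp) and the class API are assumptions. Consensus between nodes is taken as given, and the digital signature module is stood in for by a per-node HMAC key that the ledger holds for verification; a real node would use an asymmetric scheme such as Ed25519, so that a verifier holding only public keys cannot forge a record.

```python
# Added example, not the patent's code: the key data of zero trust network access kept
# in one shared, hash-chained, signed ledger. Record layout, field names and the
# per-node HMAC key standing in for the digital signature module are assumptions.
import hashlib
import hmac
import json
import secrets
import time


def sign(key, record_hash):  # HMAC stand-in for the digital signature module
    return hmac.new(key, record_hash.encode(), hashlib.sha256).hexdigest()


class Ledger:
    """Data layer of the enterprise directory: timestamp, hash chain, nonce, signature."""

    def __init__(self):
        self.records, self.keys = [], {}  # keys: node name -> verification key

    @staticmethod
    def digest(rec):  # hash every field except hash and sig, binding prev and signer too
        body = {k: v for k, v in rec.items() if k not in ("hash", "sig")}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, node, key, kind, body):
        """Link a record to the chain head and sign its hash with the node's key."""
        prev = self.records[-1]["hash"] if self.records else ""
        rec = {"ts": int(time.time()), "kind": kind, "body": body, "prev": prev, "signer": node}
        rec["hash"] = self.digest(rec)
        rec["sig"] = sign(key, rec["hash"])
        self.records.append(rec)

    def verify(self):
        """None if the chain is intact and every signature checks, else the first failure."""
        prev = ""
        for i, rec in enumerate(self.records):
            if rec["prev"] != prev or self.digest(rec) != rec["hash"]:
                return f"record {i}: hash chain broken"
            key = self.keys.get(rec["signer"])
            if key is None or not hmac.compare_digest(sign(key, rec["hash"]), rec["sig"]):
                return f"record {i}: invalid signature"
            prev = rec["hash"]
        return None

    def latest(self, kind, field, value):
        """Newest record of kind with body[field] == value; later records override."""
        for rec in reversed(self.records):
            if rec["kind"] == kind and rec["body"].get(field) == value:
                return rec["body"]
        return None

    def admit(self, token, app, now=None):
        """Access control component: admit only a ledger-backed, app-bound, live token."""
        now = time.time() if now is None else now
        if self.latest("revoke", "id", token):
            return "deny: token revoked"
        tok = self.latest("token", "id", token)
        if not tok or tok["app"] != app:
            return "deny: token not issued for this application"
        if now >= tok["exp"]:
            return "deny: token expired"
        return "allow"


class TrustProxy:
    """One of several proxies, each with its own signing key registered on the ledger."""

    def __init__(self, name, ledger):
        self.name, self.ledger, self.key = name, ledger, secrets.token_bytes(32)
        ledger.keys[name] = self.key

    def write(self, kind, body):
        self.ledger.append(self.name, self.key, kind, body)

    def request_access(self, user, device, app, ttl=600):
        """Identity verification, then access permission: token id, or None on refusal."""
        ident = self.ledger.latest("identity", "user", user)
        if not ident or ident.get("status") != "active" or ident.get("device") != device:
            return None
        policy = self.ledger.latest("policy", "app", app)
        if not policy or policy.get("role") != ident.get("role"):
            return None
        token = secrets.token_hex(16)  # random number module: unguessable token id
        self.write("token", {"id": token, "user": user, "app": app, "exp": int(time.time()) + ttl})
        return token

    def revoke(self, token):  # session lifecycle unit: visible to every gateway at once
        self.write("revoke", {"id": token})


if __name__ == "__main__":
    ledger = Ledger()
    directory, proxy_a, proxy_b = [TrustProxy(n, ledger) for n in ("directory", "proxy-A", "proxy-B")]
    directory.write("identity", {"user": "alice", "device": "laptop-7", "role": "finance", "status": "active"})
    directory.write("policy", {"app": "erp", "role": "finance"})
    tok = proxy_a.request_access("alice", "laptop-7", "erp")
    print(ledger.admit(tok, "erp"), "|", ledger.admit(tok, "crm"))
    proxy_b.revoke(tok)  # a different proxy revokes; the gateway sees it on its next read
    print(ledger.admit(tok, "erp"), "|", ledger.verify())
    ledger.records[1]["body"]["role"] = "admin"  # tamper with the stored policy record
    print(ledger.verify())
```

Two properties of the model are the ones the patent argues for. A revocation written by proxy-B is honoured by the gateway for a token that proxy-A issued, because both read the same ledger rather than their own copies of the session state, and a disabled identity written later simply shadows the earlier active one. Any change to a stored policy, identity or token record is caught by verify(), since each record's hash covers its body and the hash of the record before it, and a forged record fails the signature check because its writer holds no registered key. What the model deliberately leaves out is the consensus layer: with several writers appending concurrently, ordering of the chain head is exactly what the consensus nodes have to agree on.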
To be more specific, at present, a typical zero trust network access system architecture mainly includes: endpoint-initiated ZTNA and service-initiated ZTNA, there are also products on the market that mix these two technologies simultaneously. In the above system composition of zero trust network access, the user access needs to rely on "trust proxy" to implement the verification of the identity authority. The trust proxy needs an enterprise directory identity data end integrated with a back end to realize sharing and updating of configuration data such as control strategies, user tokens and the like. Based on this, the existing zero trust network access system has some disadvantages: a trust proxy may become a single point of failure; if a plurality of trust proxies are deployed to solve the problem of single point failure, the problems of untimely, inconsistent and low safety of the sharing and synchronization of key data such as control strategies, user tokens, user identities and the like among the plurality of trust proxies can be encountered; and when the authorized user group of the application system is across organization subjects and across country regions, the problem that the user identity data is difficult to integrate can be faced due to data format difference, compliance rule difference and system interface difference.
As described above, in the zero trust network access system based on the block chain according to the embodiment of the present invention, the user equipment 1 sends an access request, and receives the access request by using the trust proxy component 3; the enterprise directory blockchain system 4 stores key data of network access, the trust proxy component 3 is used for connecting the enterprise directory blockchain system 4, and the identity validity of an access user is verified by reading and updating the key data; the access control component 7 is connected with the application system 2 and the trust proxy component 3, and if the user verification is valid, the access connection is established; secondly, by utilizing the enterprise directory blockchain system 4 and the blockchain consensus node 6, the blockchain consensus node 6 is in communication connection with the trust proxy component 3 and the application system 2, so that the key data can be uploaded and updated to the enterprise directory blockchain system 4 in time, and the security consistency of the key data is ensured; moreover, the enterprise directory block chain system 4 is respectively connected with the trust proxy components 3 and the application systems 2 in different organization bodies, so that the zero-trust network access system is changed from a system architecture under a single organization body to a distributed system architecture capable of supporting a cross-organization body, distributed key data sharing of the cross-organization body is realized, seamless access of users across equipment, across positions and across organization bodies is realized, services can be built among different enterprise bodies across different clouds, and the network access process meets the examination requirements of safety, transparency and compliance by using the tamper resistance and traceability of the enterprise directory block chain system 4.
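The flow described above, as an added example that is not the patent's implementation: a constructed Python sketch in which a hash-chained log stands in for the enterprise directory blockchain system, a trust proxy verifies identity and policy key data before recording a permission token in that log, and an access control component beside the application accepts only tokens found in the shared log, refusing to serve at all if the log's chain no longer verifies. All class and record names, the record formats and the 300-second token lifetime are assumptions.

```python
import hashlib, json, secrets, time

def sha256_hex(s):
    return hashlib.sha256(s.encode()).hexdigest()

class DirectoryLedger:
    """Constructed stand-in for the enterprise directory blockchain: a hash-chained key-data log."""
    def __init__(self): self.blocks = []
    def append(self, kind, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"kind": kind, "payload": payload, "prev": prev}
        self.blocks.append({**body, "hash": sha256_hex(json.dumps(body, sort_keys=True))})
    def verify_chain(self):
        prev = "0" * 64
        for b in self.blocks:  # every block must hash correctly and link to its predecessor
            body = {k: b[k] for k in ("kind", "payload", "prev")}
            if b["prev"] != prev or sha256_hex(json.dumps(body, sort_keys=True)) != b["hash"]:
                return False
            prev = b["hash"]
        return True
    def latest(self, kind, **match):
        # Newest matching record wins, so a later policy record overrides an earlier one.
        for b in reversed(self.blocks):
            if b["kind"] == kind and all(b["payload"].get(k) == v for k, v in match.items()):
                return b["payload"]
        return None

class TrustProxy:
    """Identity verification + access permission modules; writes the issued token back as key data."""
    def __init__(self, ledger, name): self.ledger, self.name = ledger, name
    def authorize(self, user, credential, app):
        ident = self.ledger.latest("identity", user=user)
        policy = self.ledger.latest("policy", user=user, app=app)
        if ident is None or ident["cred_hash"] != sha256_hex(credential) or not (policy and policy["allow"]):
            return None
        token = secrets.token_hex(16)
        self.ledger.append("token", {"token": token, "user": user, "app": app,
                                     "issuer": self.name, "exp": time.time() + 300})
        return token

class AccessControlComponent:
    """Gateway beside the application: honors only ledger-recorded tokens from an intact chain."""
    def __init__(self, ledger, app, handler): self.ledger, self.app, self.handler = ledger, app, handler
    def forward(self, token, request):
        if not self.ledger.verify_chain():
            return "denied: key data integrity failure"
        rec = self.ledger.latest("token", token=token)
        if rec is None or rec["app"] != self.app or rec["exp"] <= time.time():
            return "denied: invalid or expired permission token"
        return self.handler(rec["user"], request)  # the reply returns along the same path
```

Because every trust proxy and gateway reads the same log, a token issued by any proxy is honored by the gateway, which is the cross-proxy consistency the text argues for; editing a stored policy record breaks the chain and the gateway denies all requests until the key data is repaired.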
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A blockchain-based zero trust network access system, comprising:
a trust proxy component for receiving an access request from user equipment and verifying the identity authority of the user;
an access control component connected to the trust proxy component;
wherein one end of the access control component is connected to the trust proxy component and the other end is connected to the application system that the user equipment requests to access, and the access control component and the application system are arranged in the same network; and
an enterprise directory blockchain system for storing and distributing the key data of zero trust network access;
wherein the enterprise directory blockchain system comprises a plurality of blockchain consensus nodes, and the blockchain consensus nodes communicate with the trust proxy component, the access control component and the application system.
2. The blockchain-based zero trust network access system of claim 1, wherein the trust proxy component comprises: an identity verification module, an access permission module and a session management module; the identity verification module, the access permission module and the session management module are communicatively connected to the enterprise directory blockchain system, and read the key data of the zero trust network access and upload updates to it.
3. The blockchain-based zero trust network access system of claim 2, wherein the identity verification module is configured to read the key data and verify the validity of the identity of the user initiating the access request; the access permission module is connected to the identity verification module, generates a permission token based on the key data and establishes the session access connection; the session management module is connected to the access permission module and manages the permission token, the session state and the permission connection data.
4. The blockchain-based zero trust network access system of claim 3, wherein the access permission module comprises: a license token generation unit communicatively coupled to the enterprise directory blockchain system; an access session establishing unit provided in parallel with the license token generating unit.
5. The blockchain-based zero trust network access system of claim 4, wherein the session management module comprises: a license token management unit in communication with the enterprise directory blockchain system; a session state management unit and a license connection management unit provided in parallel with the license token management unit.
6. The blockchain-based zero trust network access system of claim 2, wherein the trust proxy component further comprises: a front-end access module communicatively connected to the user equipment for receiving the access request of the user equipment; the front-end access module is connected to the identity verification module and sends the access request to the identity verification module.
7. The blockchain-based zero trust network access system of claim 1, wherein a plurality of trust proxy components are provided, arranged in different networks; a plurality of application systems are provided, arranged respectively in different organization bodies; and the blockchain consensus nodes are respectively communicatively connected to the trust proxy components in the different networks and to the application systems in the different organization bodies.
8. The blockchain-based zero trust network access system of claim 1, wherein the key data comprises: user identity data, access policy data, permission token data, and application connection configuration data.
9. The blockchain-based zero trust network access system of claim 8, wherein the enterprise directory blockchain system comprises: a data layer, a network layer, a consensus layer, and a contract layer.
10. The blockchain-based zero trust network access system of claim 9, wherein the trust proxy component comprises a network access controller; the access control component comprises an access gateway and a network access connector; and the access control component is communicatively connected to the enterprise directory blockchain system for reading, uploading and updating the key data.
CN202110450834.2A 2021-04-26 2021-04-26 Zero trust network access system based on block chain Active CN113051350B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110450834.2A CN113051350B (en) 2021-04-26 2021-04-26 Zero trust network access system based on block chain

Publications (2)

Publication Number Publication Date
CN113051350A true CN113051350A (en) 2021-06-29
CN113051350B CN113051350B (en) 2022-05-27

Family

ID=76520575

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113824791A (en) * 2021-09-23 2021-12-21 深信服科技股份有限公司 Access control method, device, equipment and readable storage medium
CN114172665A (en) * 2021-12-07 2022-03-11 东软集团股份有限公司 Block chain zero trust system and method for block chain zero trust system
CN114338701A (en) * 2021-12-29 2022-04-12 四川启睿克科技有限公司 Block chain-based zero-trust system and access method for Internet of things
CN114938278A (en) * 2022-04-11 2022-08-23 北京邮电大学 Zero trust access control method and device
CN115051805A (en) * 2022-02-21 2022-09-13 国家广播电视总局广播电视规划院 Block chain security access control method based on zero trust security framework
CN115361186A (en) * 2022-08-11 2022-11-18 哈尔滨工业大学(威海) Zero trust network architecture for industrial internet platform
CN115914300A (en) * 2022-11-25 2023-04-04 四川启睿克科技有限公司 Block chain-based zero-trust implementation system and method for Internet of things
CN115914300B (en) * 2022-11-25 2024-06-07 四川启睿克科技有限公司 Zero trust realization system and method for Internet of things based on block chain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190319861A1 (en) * 2018-04-13 2019-10-17 The Curators Of The University Of Missouri Method and system for secure resource management utilizing blockchain and smart contracts
CN112118242A (en) * 2020-09-09 2020-12-22 厦门安胜网络科技有限公司 Zero trust authentication system
CN112564775A (en) * 2020-12-18 2021-03-26 江苏省未来网络创新研究院 Spatial information network access control system and authentication method based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
余双波 et al.: "Application of zero trust architecture in a network trust system", 《通信技术》 (Communications Technology) *

Also Published As

Publication number Publication date
CN113051350B (en) 2022-05-27
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant