CN113572844A - Industrial internet identification analysis method - Google Patents


Publication number
CN113572844A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110852615.7A
Other languages
Chinese (zh)
Inventor
刘巍
贾高鹏
徐泺
韩红强
范科峰
张群
李崇
陈海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electronics Standardization Institute
Original Assignee
China Electronics Standardization Institute

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an industrial internet identifier resolution method. A user host runs an identifier resolution client; the client sends a request to the resolution server; the resolution server searches an identifier resolution database according to the identifier information carried in the client's request; if resolution succeeds, the result is returned to the client as web JSON; if resolution fails, the identifier information is resolved through the traditional DNS resolution system and the result is returned to the client as web JSON; the client obtains the identifier resolution result from the web JSON data returned by the resolution server; and the client accesses the target application server corresponding to the resolution result through protocols such as HTTP, HTTPS and FTP to obtain a web page or a data file. The method uses a non-DNS resolution mechanism to eliminate the major hidden danger to national information security caused by the limitations of the DNS resolution mechanism.

Description

Industrial internet identification analysis method
Technical Field
The invention relates to the field of industrial internet, in particular to an industrial internet identification analysis method.
Background
DNS is a system that maps domain names to IP addresses: a naming system for computers and network services, organized as a hierarchy of domains and used in TCP/IP networks, which converts host names and domain names into IP addresses. DNS is an application-layer protocol that in practice serves other application-layer protocols, including but not limited to HTTP, SMTP and FTP, by resolving user-supplied host names to IP addresses.
The specific process is as follows:
1. The user host runs a DNS client.
2. The browser extracts the domain name field from the received URL and passes it to the DNS client.
3. The DNS client sends a query message to the DNS server; the message contains the host name to be accessed.
4. The DNS client eventually receives an answer message that includes the IP address corresponding to the host name.
5. The browser, upon receiving the IP address from DNS, can initiate a TCP connection to the HTTP server located at that IP address.
The Internet's domain name system (DNS) is managed centrally, so that, from the perspective of domain name resolution, the operation of the Internet in every country is highly dependent on the original root domain name servers located in the United States. China does not control a DNS root node; only DNS root mirror nodes are deployed and data is synchronized passively, which leaves many hidden dangers in performance, security, management and other aspects. The allocation and management of Internet domain names are unequal, so that all but a few countries are at high risk: a country's Internet system could be removed from the Internet as a whole, leaving every country in the world unable to access websites under that country's domain name. The industrial internet identifier resolution method is proposed for this reason.
Disclosure of Invention
Based on the technical problems in the background art, the invention provides an industrial internet identification analysis method to solve the problems in the background art.
The invention provides the following technical scheme:
An industrial internet identifier resolution method comprises the following steps:
A. An identifier resolution client runs on the user host;
B. The client sends a request to the resolution server;
C. The resolution server searches an identifier resolution database according to the identifier information carried in the request sent by the client;
D. If resolution succeeds, the result is returned to the client as web JSON; if resolution fails, the identifier information is resolved through the traditional DNS resolution system and the result is returned to the client as web JSON;
E. The client obtains the identifier resolution result from the web JSON data returned by the resolution server;
F. The client accesses the target application server corresponding to the identifier resolution result through protocols such as HTTP, HTTPS and FTP to obtain a web page or a data file.
Preferably, in step E, an identifier resolution server is deployed and an identifier resolution database is stored.
The invention provides an industrial internet identifier resolution method that uses a non-DNS resolution mechanism to eliminate the major hidden danger to national information security caused by the limitations of the DNS resolution mechanism.
Drawings
FIG. 1 is an identification resolution diagram of the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the present invention provides a technical solution:
Embodiment one:
An industrial internet identifier resolution method comprises the following steps:
A. An identifier resolution client runs on the user host;
B. The client sends a request to the resolution server;
C. The resolution server searches an identifier resolution database according to the identifier information carried in the request sent by the client;
D. If resolution succeeds, the result is returned to the client as web JSON; if resolution fails, the identifier information is resolved through the traditional DNS resolution system and the result is returned to the client as web JSON;
E. The client obtains the identifier resolution result from the web JSON data returned by the resolution server;
F. The client accesses the target application server corresponding to the identifier resolution result through protocols such as HTTP, HTTPS and FTP to obtain a web page or a data file.
In step E, an identifier resolution server is deployed and an identifier resolution database is stored; the client and the server communicate in web JSON form, and the server receives and processes the identifier resolution requests raised by the client and returns the identifier resolution results. In the field of identifier resolution, the traditional DNS resolution system is bypassed and the system is no longer restricted by the original root domain name servers, so that information security is autonomously controllable with respect to identifier resolution.
Identifier resolution based on web JSON is a non-DNS resolution system applied to industrial internet identifier resolution, and it makes network information security autonomously controllable. JSON is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999; it is a lightweight data-interchange format that is easy for humans to read and write and easy for machines to parse and generate.
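Steps C to F above, as an added sketch that is not part of the patent text: the server answers from the identifier database and falls back to DNS, and the client validates the web JSON before building the URL it will fetch. The identifier syntax, the JSON field names, the default scheme on the DNS path and the sample record are assumptions made for this example.

```python
import ipaddress
import json
import socket

# Constructed sample of the identifier resolution database (step C).
# Identifier syntax and record fields are assumptions, not defined by the patent.
ID_DB = {
    "88.100.1/pump-0042": {"scheme": "https", "host": "192.0.2.10", "port": 443,
                           "path": "/devices/pump-0042"},
}
ALLOWED_SCHEMES = {"http": 80, "https": 443, "ftp": 21}  # protocols named in step F


def system_dns(name):
    """Fallback of step D: this path still depends on the conventional DNS."""
    try:
        return socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)[0][4][0]
    except OSError:
        return None


def resolve(identifier, db=ID_DB, dns_lookup=system_dns):
    """Server side (steps C and D): database first, DNS second, JSON out."""
    record = db.get(identifier)
    if record is not None:
        body = {"id": identifier, "status": "ok", "source": "id-db", **record}
    else:
        addr = dns_lookup(identifier)
        if addr is None:
            body = {"id": identifier, "status": "not_found"}
        else:  # assumed default: plain HTTP on the address DNS returned
            body = {"id": identifier, "status": "ok", "source": "dns", "scheme": "http",
                    "host": addr, "port": ALLOWED_SCHEMES["http"], "path": "/"}
    return json.dumps(body)


def target_url(reply, asked_for):
    """Client side (steps E and F): validate the JSON before connecting."""
    data = json.loads(reply)
    if not isinstance(data, dict) or data.get("id") != asked_for:
        raise ValueError("reply does not match the request")
    if data.get("status") != "ok":
        raise LookupError("identifier not resolved")
    scheme, host = data.get("scheme"), data.get("host")
    port, path = data.get("port"), data.get("path", "/")
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    if isinstance(port, bool) or not isinstance(port, int) or not 0 < port < 65536:
        raise ValueError("bad port")
    if not isinstance(path, str) or not path.startswith("/"):
        raise ValueError("bad path")
    if not isinstance(host, str):
        raise ValueError("bad host")
    addr = ipaddress.ip_address(host)  # ValueError unless host is an IP literal
    netloc = f"[{addr}]" if addr.version == 6 else str(addr)
    return f"{scheme}://{netloc}:{port}{path}"
```

The `source` field lets the client or a log pipeline see when an answer came from the DNS fallback rather than the identifier database.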
Embodiment two:
JSON Web Token (JWT) is a very lightweight specification that allows secure and reliable information to be passed between the user and the server; JWT performs identity authentication during HTTP communication:
A. The client logs in to the server with a user name and a password;
B. The server verifies the identity of the client;
C. The server generates a token for the user and returns it to the client;
D. When the client initiates a request, it must carry the token;
E. After receiving the request, the server first verifies the token and then returns the data;
F. The client saves the token locally in the browser, typically in a cookie.
Principle of JWT
The principle of JWT is that, after the server authenticates the user, it generates a JSON object and sends it back to the user;
afterwards, whenever the user communicates with the server, the JSON object must be sent back; the server determines the user's identity from this object alone; to prevent the user from tampering with the data, the server adds a signature when generating the object;
the server does not store any session data, that is, the server becomes stateless, which makes it easier to scale;
JWT usage pattern
The client receives the JWT returned by the server and can store it in a cookie or in localStorage;
thereafter, the client carries the JWT every time it communicates with the server. It can be placed in a cookie and sent automatically, but this does not work across domains, so the better practice is to place it in the Authorization field of the HTTP request header;
alternatively, for cross-domain requests, the JWT is placed in the body of the POST request;
Characteristics of JWT
JWT is not encrypted by default, but it can be encrypted: after the original token is generated, it can be encrypted once more with a key;
when the JWT is not encrypted, secret data must not be written into it;
JWT can be used not only for authentication but also for exchanging information; used effectively, JWT can reduce the number of times the server queries the database;
the biggest disadvantage of JWT is that, because the server does not save session state, a token cannot be revoked and its permissions cannot be changed while it is in use; that is, once a JWT is issued, it remains valid until it expires unless the server deploys additional logic;
the JWT itself contains authentication information, and once it is leaked, anyone can obtain all the permissions of the token; to reduce theft, the validity period of the JWT should be set relatively short; for the more important permissions, the user should be authenticated again at the time of use;
to reduce theft, a JWT should not be transmitted in cleartext over HTTP; it should be transmitted over HTTPS.
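The issue-then-verify flow and the properties listed above (tamper detection, an unencrypted payload, a short validity period), as an added example that is not part of the patent text. It assumes HMAC-SHA256 (HS256) with a key held only by the server; the function names, claim names and lifetime are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(claims: dict, key: bytes, ttl: int = 300, now=None) -> str:
    """Server, step C: sign the claims and give the token a short lifetime."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {**claims, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify(token: str, key: bytes, now=None) -> dict:
    """Server, step E: check algorithm, signature and expiry before trusting claims."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(unb64url(head_b64))
        signed = f"{head_b64}.{body_b64}".encode("ascii")
        sig = unb64url(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON, non-ASCII
        raise ValueError("malformed token") from exc
    # The algorithm is pinned by the server, never chosen by the token (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(unb64url(body_b64))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def peek(token: str) -> dict:
    """No key needed to read the payload: a signed JWT is not an encrypted one."""
    return json.loads(unb64url(token.split(".")[1]))
```

Because `verify` is stateless, a leaked token stays usable until `exp`; revocation needs the additional server-side logic the text mentions, such as a deny-list keyed by token identifier.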
The above description is only the preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto; any equivalent substitution or modification made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solution and inventive concept, shall fall within the protection scope of the present invention.

Claims (2)

1. An industrial internet identifier resolution method, characterized by comprising the following steps:
A. An identifier resolution client runs on the user host;
B. The client sends a request to the resolution server;
C. The resolution server searches an identifier resolution database according to the identifier information carried in the request sent by the client;
D. If resolution succeeds, the result is returned to the client as web JSON; if resolution fails, the identifier information is resolved through the traditional DNS resolution system and the result is returned to the client as web JSON;
E. The client obtains the identifier resolution result from the web JSON data returned by the resolution server;
F. The client accesses the target application server corresponding to the identifier resolution result through protocols such as HTTP, HTTPS and FTP to obtain a web page or a data file.
2. The industrial internet identifier resolution method as claimed in claim 1, wherein: in step E, an identifier resolution server is deployed and an identifier resolution database is stored.
CN202110852615.7A 2021-07-27 2021-07-27 Industrial internet identification analysis method Pending CN113572844A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110852615.7A CN113572844A (en) 2021-07-27 2021-07-27 Industrial internet identification analysis method

Publications (1)

Publication Number Publication Date
CN113572844A true CN113572844A (en) 2021-10-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination