CN113660211A - Authentication security policy execution method and device and computing equipment - Google Patents

Publication number: CN113660211A
Authority: CN (China)
Prior art keywords: authentication, security policy, executing, post, acquiring
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110830057.4A
Other languages: Chinese (zh)
Inventors: 杨一蛟, 王泽峰, 向韬
Current Assignee: Shenzhen Bamboocloud Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Bamboocloud Technology Co ltd
Application filed by Shenzhen Bamboocloud Technology Co ltd
Priority to CN202110830057.4A
Publication of CN113660211A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

Embodiments of the invention relate to the technical field of computer networks and disclose an authentication security policy execution method, an authentication security policy execution device and computing equipment. The method comprises: receiving an authentication request initiated by a user, and acquiring an authentication chain comprising at least one authentication method; acquiring and executing a pre-security policy aspect based on the authentication method, wherein the pre-security policy aspect comprises at least one pre-security policy; after the pre-security policy is hit, executing the authentication request; and after the authentication request is completed, acquiring and executing a post-security policy aspect, wherein the post-security policy aspect comprises at least one post-security policy. In this way, embodiments of the invention facilitate the control and protection of authentication security and meet flexible and changing scenario requirements.

Description

Authentication security policy execution method and device and computing equipment
Technical Field
The embodiment of the invention relates to the technical field of computer networks, in particular to an authentication security policy execution method, an authentication security policy execution device and computing equipment.
Background
With the rapid development of information technology and the arrival of the big-data and cloud era, different application systems and different usage environments have different security requirements in actual use. Different application systems should therefore define authentication security policies that meet their own requirements.
In the prior art, an administrator configures the authentication process in advance, and the process is executed sequentially in the configured order. This authentication mode is standardized and inflexible, and additional development and coding are required to meet the different authentication requirements of different enterprises.
Disclosure of Invention
In view of the foregoing problems, embodiments of the present invention provide an authentication security policy enforcement method, apparatus and computing device, which overcome the foregoing problems or at least partially solve the foregoing problems.
According to an aspect of an embodiment of the present invention, there is provided an authentication security policy execution method, including: receiving an authentication request initiated by a user, and acquiring an authentication chain comprising at least one authentication method; acquiring and executing a pre-security policy aspect based on the authentication method, wherein the pre-security policy aspect comprises at least one pre-security policy; after the pre-security policy is hit, executing the authentication request; and after the authentication request is completed, acquiring and executing a post-security policy aspect, wherein the post-security policy aspect comprises at least one post-security policy.
In an optional manner, acquiring an authentication chain comprising at least one authentication method includes: acquiring different authentication chains according to different applications, wherein each authentication chain comprises authentication methods and an execution order.
In an optional manner, acquiring different authentication chains according to different applications includes: acquiring, according to the application, a plurality of authentication methods, an execution order and judgment logic corresponding to the authentication request, and composing the authentication chain from them.
In an optional manner, acquiring different authentication chains according to different applications includes: selecting, according to the application, the pre-stored authentication chain corresponding to the authentication request.
In an optional manner, acquiring and executing a pre-security policy aspect based on the authentication method includes: before executing the authentication request, checking whether a pre-security policy aspect is configured; and if so, acquiring and executing the pre-security policy aspect.
In an optional manner, acquiring and executing a post-security policy aspect includes: checking whether a post-security policy aspect is configured; and if so, acquiring and executing the post-security policy aspect.
In an optional manner, after acquiring and executing the post-security policy aspect, the method includes: if the authentication chain comprises a plurality of authentication methods, executing the authentication request with the plurality of authentication methods in sequence, according to the execution order.
According to another aspect of the embodiments of the present invention, there is provided an authentication security policy execution device, including: an authentication chain acquiring unit, used for receiving an authentication request initiated by a user and acquiring an authentication chain comprising at least one authentication method; a pre-policy execution unit, used for acquiring and executing a pre-security policy aspect based on the authentication method, wherein the pre-security policy aspect comprises at least one pre-security policy; an authentication unit, used for executing the authentication request after the pre-security policy is hit; and a post-policy execution unit, used for acquiring and executing a post-security policy aspect after the authentication request is completed, wherein the post-security policy aspect comprises at least one post-security policy.
According to another aspect of embodiments of the present invention, there is provided a computing device including: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the steps of the authentication security policy execution method.
According to another aspect of the embodiments of the present invention, there is provided a computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to execute the steps of the authentication security policy execution method.
The embodiment of the invention receives an authentication request initiated by a user and acquires an authentication chain comprising at least one authentication method; acquires and executes a pre-security policy aspect based on the authentication method, wherein the pre-security policy aspect comprises at least one pre-security policy; executes the authentication request after the pre-security policy is hit; and, after the authentication request is completed, acquires and executes a post-security policy aspect, wherein the post-security policy aspect comprises at least one post-security policy. This facilitates the control and protection of authentication security and meets flexible and changing scenario requirements.
The foregoing is only an overview of the technical solutions of the embodiments of the present invention. So that the technical means of the embodiments can be understood more clearly and implemented according to the content of the description, and so that the foregoing and other objects, features and advantages of the embodiments are more readily apparent, specific embodiments of the present invention are set out below.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
Fig. 1 is a flowchart illustrating an authentication security policy execution method according to an embodiment of the present invention;
Fig. 2 illustrates an exemplary diagram of an authentication security policy execution method provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram illustrating an authentication security policy execution device according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a computing device provided in an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 shows a flowchart of an authentication security policy execution method according to an embodiment of the present invention. The method is performed by an electronic device. As shown in Fig. 1, the authentication security policy execution method includes:
Step S11: receiving an authentication request initiated by a user, and acquiring an authentication chain comprising at least one authentication method.
The authentication chain is a chain in which a plurality of authentication methods are executed in combination. In the embodiment of the present invention, optionally, different authentication chains are acquired according to different applications, where each authentication chain comprises authentication methods and an execution order. Judgment logic may also be included in the authentication chain. The authentication chain may be composed by acquiring, according to the application, a plurality of authentication methods, an execution order and judgment logic corresponding to the authentication request. Alternatively, the pre-stored authentication chain corresponding to the authentication request may be selected according to the application.
Step S12: acquiring and executing a pre-security policy aspect based on the authentication method, wherein the pre-security policy aspect comprises at least one pre-security policy.
In the embodiment of the invention, an aspect is an implementation approach in which code unrelated to business logic is extracted and attached at a specific join point. Before the authentication request is executed, a plurality of pre-security policy aspects may be set, and the pre-security policies set in each pre-security policy aspect are different. In step S12, optionally, before the authentication request is executed, it is checked whether a pre-security policy aspect is configured; if so, the pre-security policy aspect is acquired and executed. If a plurality of pre-security policy aspects are set before the authentication request is executed, they are executed in sequence to judge whether the configured security policies and business policies are hit and satisfied, and the execution result set by each pre-security policy is carried out.
Step S13: executing the authentication request after the pre-security policy is hit.
In the embodiment of the invention, once the content of all pre-security policy aspects has been executed and the pre-security policies have passed, the authentication request sent by the user is executed.
Step S14: after the authentication request is completed, acquiring and executing a post-security policy aspect, wherein the post-security policy aspect comprises at least one post-security policy.
In the embodiment of the present invention, after the authentication request is executed, a plurality of post-security policy aspects may be set, and the post-security policies set in each post-security policy aspect are different. In step S14, optionally, after the authentication request is executed, it is checked whether a post-security policy aspect is configured; if so, the post-security policy aspect is acquired and executed. If a plurality of post-security policy aspects are set after the authentication request is executed, they are executed in sequence to judge whether the configured security policies and business policies are hit and satisfied, and the execution result set by each post-security policy is carried out. This completes authentication based on one authentication method in the authentication chain. Introducing security policy aspects makes authentication policy definition and control scope more comprehensive and flexible and provides more security enforcement points, which is more conducive to the control and protection of authentication security.
If the authentication chain comprises a plurality of authentication methods, that is, multi-factor authentication, the authentication request is executed with the plurality of authentication methods in sequence according to the execution order. When the authentication request is executed with each authentication method, a pre-security policy aspect and a post-security policy aspect can be set, and the execution steps are the same. For example, as shown in Fig. 2, two-factor authentication is split into two levels of authentication, where the first level is graphic verification code verification and the second level is access IP restriction verification. After multi-factor authentication is split and executed, the embodiment of the invention sets a pre-authentication security policy aspect and a post-authentication security policy aspect; each authentication step in the chain must satisfy the authentication security policies when it is executed, otherwise the authentication service is not accessible externally. The embodiment of the invention can therefore not only define security constraints but also execute specific business policies for different applications of different enterprises, meeting flexible and changing scenario requirements.
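Steps S11 to S14 applied to the two-level chain of Fig. 2 (graphic verification code, then access IP restriction), as an added Python example that is not code from the patent or its assignee. The names `AuthMethod`, `execute_chain`, `build_chains`, the application name `hr-portal`, the three sample policies and the network `10.20.0.0/16` are constructed for illustration; treating a policy error as a miss and ending the chain when a method fails are assumptions.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Context = Dict[str, object]
Policy = Callable[[Context], bool]   # returns True when the policy is hit (satisfied)
Aspect = List[Policy]                # one aspect holds at least one policy


@dataclass
class AuthMethod:
    name: str
    verify: Callable[[Context], bool]
    pre_aspects: List[Aspect] = field(default_factory=list)
    post_aspects: List[Aspect] = field(default_factory=list)


@dataclass
class Result:
    granted: bool
    trace: List[str]


def run_aspects(kind, method, aspects, ctx, trace):
    """Run configured aspects in order; a miss or an error denies (fail closed)."""
    if not aspects:                  # S12/S14: first check whether an aspect is configured
        trace.append(f"{method.name}:{kind}:none-configured")
        return True
    for i, aspect in enumerate(aspects):
        for policy in aspect:
            try:
                hit = bool(policy(ctx))
            except Exception:        # assumption: a broken policy must not open the gate
                hit = False
            trace.append(f"{method.name}:{kind}[{i}]:{policy.__name__}:"
                         f"{'hit' if hit else 'miss'}")
            if not hit:
                return False
    return True


def execute_chain(chains, app, ctx):
    """S11 to S14 for every method of the application's chain, in execution order."""
    chain = chains.get(app)          # S11: the chain is selected per application
    if not chain:
        return Result(False, [f"no-chain:{app}"])
    trace = []
    for method in chain:
        if not run_aspects("pre", method, method.pre_aspects, ctx, trace):    # S12
            return Result(False, trace)
        ok = bool(method.verify(ctx))                                         # S13
        trace.append(f"{method.name}:auth:{'ok' if ok else 'fail'}")
        # Assumption: a failed method ends the chain before its post aspects run.
        if not ok:
            return Result(False, trace)
        if not run_aspects("post", method, method.post_aspects, ctx, trace):  # S14
            return Result(False, trace)
    return Result(True, trace)


def build_chains(allowed_cidrs):
    """Hypothetical chain for the Fig. 2 case: captcha first, then source-IP limit."""
    used_captchas = set()
    networks = [ipaddress.ip_network(c) for c in allowed_cidrs]

    def attempts_below_limit(ctx):       # pre-policy (constructed)
        return ctx["failed_attempts"] < 5

    def captcha_not_replayed(ctx):       # post-policy (constructed): single use
        if ctx["captcha_id"] in used_captchas:
            return False
        used_captchas.add(ctx["captcha_id"])
        return True

    def source_ip_parses(ctx):           # pre-policy (constructed): raises if malformed
        ipaddress.ip_address(ctx["source_ip"])
        return True

    def check_captcha(ctx):
        return hmac.compare_digest(ctx["captcha_input"].encode(),
                                   ctx["captcha_expected"].encode())

    def check_source_ip(ctx):
        addr = ipaddress.ip_address(ctx["source_ip"])
        return any(addr in net for net in networks)

    return {"hr-portal": [
        AuthMethod("captcha", check_captcha,
                   pre_aspects=[[attempts_below_limit]],
                   post_aspects=[[captcha_not_replayed]]),
        AuthMethod("ip_limit", check_source_ip,
                   pre_aspects=[[source_ip_parses]]),   # no post aspect configured
    ]}


if __name__ == "__main__":
    chains = build_chains(["10.20.0.0/16"])              # constructed sample network
    request = {"failed_attempts": 0, "captcha_id": "c-1", "captcha_input": "7GK2",
               "captcha_expected": "7GK2", "source_ip": "10.20.3.4"}
    for attempt in (1, 2):                               # second run replays the captcha
        result = execute_chain(chains, "hr-portal", request)
        print(attempt, result.granted, result.trace)
```

The trace records which enforcement point stopped a request, so a denial can be attributed to a pre-policy, the authentication method itself, or a post-policy.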
Fig. 3 is a schematic structural diagram of an authentication security policy execution device according to an embodiment of the present invention. As shown in Fig. 3, the authentication security policy execution device includes: an authentication chain acquiring unit 301, a pre-policy execution unit 302, an authentication unit 303, and a post-policy execution unit 304. Wherein:
the authentication chain acquiring unit 301 is configured to receive an authentication request initiated by a user, and acquire an authentication chain comprising at least one authentication method; the pre-policy execution unit 302 is configured to acquire and execute a pre-security policy aspect based on the authentication method, where the pre-security policy aspect comprises at least one pre-security policy; the authentication unit 303 is configured to execute the authentication request after the pre-security policy is hit; the post-policy execution unit 304 is configured to acquire and execute a post-security policy aspect after the authentication request is completed, where the post-security policy aspect comprises at least one post-security policy.
In an optional manner, the authentication chain acquiring unit 301 is configured to: acquire different authentication chains according to different applications, wherein each authentication chain comprises authentication methods and an execution order.
In an optional manner, the authentication chain acquiring unit 301 is configured to: acquire, according to the application, a plurality of authentication methods, an execution order and judgment logic corresponding to the authentication request, and compose the authentication chain from them.
In an optional manner, the authentication chain acquiring unit 301 is configured to: select, according to the application, the pre-stored authentication chain corresponding to the authentication request.
In an optional manner, the pre-policy execution unit 302 is configured to: before the authentication request is executed, check whether a pre-security policy aspect is configured; and if so, acquire and execute the pre-security policy aspect.
In an optional manner, the post-policy execution unit 304 is configured to: check whether a post-security policy aspect is configured; and if so, acquire and execute the post-security policy aspect.
In an optional manner, the authentication unit 303 is configured to: if the authentication chain comprises a plurality of authentication methods, execute the authentication request with the plurality of authentication methods in sequence, according to the execution order.
An embodiment of the present invention provides a non-volatile computer storage medium, where the computer storage medium stores at least one executable instruction, and the computer-executable instruction may execute the authentication security policy execution method in any method embodiment described above.
The executable instructions may be specifically configured to cause the processor to:
receive an authentication request initiated by a user, and acquire an authentication chain comprising at least one authentication method;
acquire and execute a pre-security policy aspect based on the authentication method, wherein the pre-security policy aspect comprises at least one pre-security policy;
after the pre-security policy is hit, execute the authentication request;
and after the authentication request is completed, acquire and execute a post-security policy aspect, wherein the post-security policy aspect comprises at least one post-security policy.
In an alternative, the executable instructions cause the processor to:
acquire different authentication chains according to different applications, wherein each authentication chain comprises authentication methods and an execution order.
In an alternative, the executable instructions cause the processor to:
acquire, according to the application, a plurality of authentication methods, an execution order and judgment logic corresponding to the authentication request, and compose the authentication chain from them.
In an alternative, the executable instructions cause the processor to:
select, according to the application, the pre-stored authentication chain corresponding to the authentication request.
In an alternative, the executable instructions cause the processor to:
check, before executing the authentication request, whether a pre-security policy aspect is configured;
and if so, acquire and execute the pre-security policy aspect.
In an alternative, the executable instructions cause the processor to:
check whether a post-security policy aspect is configured;
and if so, acquire and execute the post-security policy aspect.
In an alternative, the executable instructions cause the processor to:
if the authentication chain comprises a plurality of authentication methods, execute the authentication request with the plurality of authentication methods in sequence, according to the execution order.
Embodiments of the present invention provide a computer program, where the computer program can be invoked by a processor to enable a base station device to execute an authentication security policy execution method in any of the above method embodiments.
An embodiment of the present invention provides a computer program product, which includes a computer program stored on a computer storage medium, the computer program including program instructions, which, when executed by a computer, cause the computer to execute the authentication security policy execution method in any of the above-mentioned method embodiments.
Fig. 4 is a schematic structural diagram of a computing device according to an embodiment of the present invention; the specific embodiment of the present invention does not limit the specific implementation of the device.
As shown in Fig. 4, the computing device may include: a processor 402, a communication interface 404, a memory 406, and a communication bus 408.
Wherein: the processor 402, the communication interface 404, and the memory 406 communicate with one another via the communication bus 408. The communication interface 404 is used for communicating with network elements of other devices, such as clients or other servers. The processor 402 is configured to execute the program 410, and may specifically perform the relevant steps in the above-described authentication security policy execution method embodiment.
In particular, the program 410 may include program code comprising computer operating instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included in the device may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing the program 410. The memory 406 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory.
The program 410 may specifically be configured to cause the processor 402 to perform the following operations:
receiving an authentication request initiated by a user, and acquiring an authentication chain comprising at least one authentication method;
acquiring and executing a pre-security policy aspect based on the authentication method, wherein the pre-security policy aspect comprises at least one pre-security policy;
after the pre-security policy is hit, executing the authentication request;
and after the authentication request is completed, acquiring and executing a post-security policy aspect, wherein the post-security policy aspect comprises at least one post-security policy.
In an alternative, the program 410 causes the processor to:
acquire different authentication chains according to different applications, wherein each authentication chain comprises authentication methods and an execution order.
In an alternative, the program 410 causes the processor to:
acquire, according to the application, a plurality of authentication methods, an execution order and judgment logic corresponding to the authentication request, and compose the authentication chain from them.
In an alternative, the program 410 causes the processor to:
select, according to the application, the pre-stored authentication chain corresponding to the authentication request.
In an alternative, the program 410 causes the processor to:
check, before executing the authentication request, whether a pre-security policy aspect is configured;
and if so, acquire and execute the pre-security policy aspect.
In an alternative, the program 410 causes the processor to:
check whether a post-security policy aspect is configured;
and if so, acquire and execute the post-security policy aspect.
In an alternative, the program 410 causes the processor to:
if the authentication chain comprises a plurality of authentication methods, execute the authentication request with the plurality of authentication methods in sequence, according to the execution order.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specified otherwise.

Claims (10)

1. An authentication security policy enforcement method, the method comprising:
receiving an authentication request initiated by a user, and acquiring an authentication chain comprising at least one authentication method;
acquiring and executing a pre-security policy section based on the authentication method, wherein the pre-security policy section comprises at least one pre-security policy;
after the pre-security policy is hit, executing the authentication request;
and after the authentication request is completed, acquiring and executing a post-security policy section, wherein the post-security policy section comprises at least one post-security policy.
2. The method of claim 1, wherein acquiring the authentication chain comprising at least one authentication method comprises:
acquiring different authentication chains according to different applications, wherein each authentication chain comprises authentication methods and an execution sequence.
3. The method of claim 2, wherein acquiring the different authentication chains according to different applications comprises:
acquiring, according to the application, a plurality of authentication methods, an execution sequence and judgment logic corresponding to the authentication request, and forming the authentication chain from them.
4. The method of claim 2, wherein acquiring the different authentication chains according to different applications comprises:
selecting, according to the application, the pre-stored authentication chain corresponding to the authentication request.
5. The method of claim 1, wherein acquiring and executing the pre-security policy section based on the authentication method comprises:
checking whether the pre-security policy section is configured before executing the authentication request;
and if so, acquiring and executing the pre-security policy section.
6. The method of claim 1, wherein acquiring and executing the post-security policy section comprises:
checking whether the post-security policy section is configured;
and if so, acquiring and executing the post-security policy section.
7. The method of claim 1, wherein acquiring and executing the post-security policy section comprises:
if the authentication chain comprises a plurality of authentication methods, executing the authentication request with the plurality of authentication methods in turn, following the execution sequence.
8. An authentication security policy enforcement device, the device comprising:
an authentication chain acquiring unit, configured to receive an authentication request initiated by a user and acquire an authentication chain comprising at least one authentication method;
a pre-policy execution unit, configured to acquire and execute a pre-security policy section based on the authentication method, wherein the pre-security policy section comprises at least one pre-security policy;
an authentication unit, configured to execute the authentication request after the pre-security policy is hit;
and a post-policy execution unit, configured to acquire and execute a post-security policy section after the authentication request is completed, wherein the post-security policy section comprises at least one post-security policy.
9. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is configured to store at least one executable instruction that causes the processor to perform the steps of the authentication security policy enforcement method according to any one of claims 1-7.
10. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform the steps of the authentication security policy enforcement method according to any one of claims 1-7.
CN202110830057.4A 2021-07-22 2021-07-22 Authentication security policy execution method and device and computing equipment Pending CN113660211A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110830057.4A CN113660211A (en) 2021-07-22 2021-07-22 Authentication security policy execution method and device and computing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110830057.4A CN113660211A (en) 2021-07-22 2021-07-22 Authentication security policy execution method and device and computing equipment

Publications (1)

Publication Number Publication Date
CN113660211A true CN113660211A (en) 2021-11-16

Family

ID=78489724

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110830057.4A Pending CN113660211A (en) 2021-07-22 2021-07-22 Authentication security policy execution method and device and computing equipment

Country Status (1)

Country Link
CN (1) CN113660211A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105337978A (en) * 2015-11-17 2016-02-17 浪潮(北京)电子信息产业有限公司 Section permission validation method and system based on security service block
CN107508793A (en) * 2017-07-13 2017-12-22 微梦创科网络科技(中国)有限公司 A kind of method and device based on towards tangent plane programming AOP certifications and mandate
US20190109833A1 (en) * 2017-10-05 2019-04-11 CA, Inc Adaptive selection of authentication schemes in mfa
CN111767149A (en) * 2020-06-29 2020-10-13 百度在线网络技术(北京)有限公司 Scheduling method, device, equipment and storage equipment
CN112597478A (en) * 2020-12-25 2021-04-02 上海传英信息技术有限公司 Identity authentication method, electronic device and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
陈丁等: "《Java EE程序设计教程》", 31 March 2018, 西安电子科技大学出版社 *
陈学明: "《Spring+Spring MVC+MyBatis整合开发实战》", 30 June 2020, 机械工业出版社 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20211116