CN114143056B - Terminal access method and device, electronic equipment and storage medium - Google Patents

Publication number
CN114143056B
Authority
CN
China
Prior art keywords
gateway
server
client
access request
client gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111406971.2A
Other languages
Chinese (zh)
Other versions
CN114143056A (en
Inventor
吴良华
谭翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Para Software Co ltd
Original Assignee
Shanghai Para Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Para Software Co ltd
Priority to CN202111406971.2A
Publication of CN114143056A
Application granted
Publication of CN114143056B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention discloses a terminal access method, a terminal access device, electronic equipment and a storage medium. The method comprises the following steps: receiving an access request sent by a terminal through a client gateway; verifying whether the client gateway is trusted; when the client gateway is trusted, determining a server gateway according to the access request; and sending the access request and address information of the client gateway to the server gateway so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, wherein the link establishment request is used for requesting the client gateway to establish a communication link with the server gateway. The embodiment of the invention addresses the security problem of server ports being left in an open state: a communication link between the client gateway and the server gateway is established on the basis of the verification server's trust verification of both gateways, which protects the server port from malicious attack and probing and ensures the security of the server resources.

Description

Terminal access method and device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to a computer technology, in particular to a terminal access method, a terminal access device, electronic equipment and a storage medium.
Background
With the development of computing technology, the internet has become inseparable from how people live and work, and a large amount of information is transmitted over networks. At the same time, technical vulnerabilities in internet communication cause information leakage, and the secure transmission of information has become a focus of attention. At present, network protocols are used to guarantee the secure transmission of information on the internet. When cloud resources are accessed, the resource port of the cloud is in an open state so that a terminal can obtain the corresponding resource information according to its access request; however, a resource port in the open state is extremely vulnerable to malicious attack and probing, and the security of the cloud resources cannot be guaranteed.
Disclosure of Invention
The invention provides a terminal access method, a terminal access device, electronic equipment and a storage medium, which address the security problem of server gateway ports being left in an open state, protect the server port from malicious attack and probing, and ensure the security of the server resources.
In a first aspect, an embodiment of the present invention provides a terminal access method, which is applied to an authentication server, where the method includes:
receiving an access request sent by a terminal through a client gateway;
verifying whether the client gateway is trusted;
when the client gateway is trusted, determining a server gateway according to the access request;
and sending the access request and the address information of the client gateway to the server gateway so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, wherein the link establishment request is used for requesting the client gateway to establish a communication link with the server gateway.
Further, when the client gateway is trusted, determining a server gateway according to the access request includes:
determining the regional distance and the load state of each server gateway according to the online notification;
determining the priority level corresponding to each server gateway according to the regional distance and the load state of each server gateway;
and determining the server gateways according to the priority levels corresponding to the server gateways and the access requests.
Further, determining the area distance and the load state of each online server gateway according to the online notification includes:
and receiving online notifications sent by the gateways at preset intervals, wherein the online notifications comprise area addresses and load states of the gateways.
Further, the verifying whether the client gateway is trusted includes:
determining whether the identification information of the client gateway exists in the registered client gateway information;
and when the identification information of the client gateway exists in the registered client gateway information, determining that the client gateway is trusted.
Further, before receiving the access request sent by the terminal through the client gateway, the method further includes:
starting the verification server;
receiving registration information sent by the client gateway, verifying the client gateway based on the registration information sent by the client gateway, and adding identification information of the client gateway to the registered client gateway information when verification passes; and receiving the registration information sent by the server-side gateway, verifying the server-side gateway based on the registration information sent by the server-side gateway, and adding the identification information of the server-side gateway to the registered server-side gateway information when the verification passes.
In a second aspect, an embodiment of the present invention provides a terminal access device, applied to an authentication server, including:
the first request receiving module is used for receiving an access request sent by the terminal through the client gateway;
the first trusted verification module is used for verifying whether the client gateway is trusted or not;
the gateway determining module is used for determining a server gateway according to the access request when the client gateway is trusted;
the information sending module is used for sending the access request and the address information of the client gateway to the server gateway so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, and the link establishment request is used for requesting the client gateway to establish a communication link with the server gateway.
In a third aspect, an embodiment of the present invention provides a terminal access method, applied to a client gateway, comprising the following steps:
receiving an access request sent by a terminal, and sending the access request to a verification server;
receiving a link establishment request sent by a server gateway, wherein the link establishment request is generated by the server gateway according to the access request and the address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the authentication server authenticates the client gateway and determines that the client gateway is trusted;
verifying whether the server gateway is trusted or not;
and when the server-side gateway is trusted, establishing a communication link with the server-side gateway.
Further, the verifying whether the server-side gateway is trusted includes:
determining whether the identification information of the server gateway exists in the registered server gateway information acquired from the verification server;
and when the identification information of the server-side gateway exists in the registered server-side gateway information, determining that the server-side gateway is trusted.
Further, the verifying whether the server-side gateway is trusted includes:
and sending the identification information of the server-side gateway to the verification server so that the verification server verifies whether the server-side gateway is trusted according to the identification information of the server-side gateway, and receiving a trusted verification message sent by the verification server, wherein the trusted verification message is used for indicating whether the server-side gateway is trusted.
In a fourth aspect, an embodiment of the present invention provides a terminal access device, applied to a client gateway, where the device includes:
the second request receiving module is used for receiving the access request sent by the terminal and sending the access request to the verification server;
the third request receiving module is used for receiving a link establishment request sent by a server gateway, wherein the link establishment request is generated by the server gateway according to the access request and the address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the authentication server authenticates the client gateway and determines that the client gateway is trusted;
the second trusted verification module is used for verifying whether the server gateway is trusted or not;
and the link establishing module is used for establishing a communication link with the server-side gateway when the server-side gateway is trusted.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the terminal access method as described.
In a sixth aspect, an embodiment of the present invention provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a terminal access method as described.
In the embodiment of the invention, an access request sent by a terminal is received through a client gateway; whether the client gateway is trusted is verified; when the client gateway is trusted, a server gateway is determined according to the access request; and the access request and the address information of the client gateway are sent to the server gateway, so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, the link establishment request being used for requesting the client gateway to establish a communication link with the server gateway. The embodiment addresses the security problem of server ports being left in an open state: the verification server verifies whether the client gateway and the server gateway are trusted before the link is established, which ensures the legitimacy of the identities of the two gateways, and the communication link is then established directly between the trusted client gateway and server gateway without passing through the verification server. The communication link therefore has a certain degree of concealment, the server port is protected from malicious attack and probing, and the security of the server resources is ensured.
Drawings
FIG. 1 is a schematic flow chart of a terminal access method according to an embodiment of the present invention;
FIG. 2 is another flow chart of a terminal access method according to an embodiment of the present invention;
FIG. 3 is another flow chart of a terminal access method provided by an embodiment of the present invention;
FIG. 4 is a schematic structural view of a terminal access device according to an embodiment of the present invention;
FIG. 5 is another schematic structural view of a terminal access device according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Fig. 1 is a flowchart of a terminal access method according to an embodiment of the present invention. This embodiment is applicable to the case where the client gateway and the server gateway establish a communication link when a terminal accesses a server. The method can be executed by the terminal access device provided by the embodiment of the invention; the device can be implemented in software and/or hardware and can generally be integrated in a server. As shown in fig. 1, the method in this embodiment specifically includes:
Step 110, receiving an access request sent by a terminal through a client gateway;
By way of example, an access request may be understood as a request, generated by the terminal in response to a user-side need, to access server-side data. The terminal sends the access request to the client gateway, and the client gateway receives it and forwards it to the authentication server. The client gateway can be a security gateway installed on the user side or a user authentication gateway installed on the user side. When the client gateway is a user-side security gateway, it has an application-level filtering function that, as required, prevents unsafe factors from intruding into the data resources of the verification server, the server gateway and the server. When the client gateway is a user-side security authentication gateway, it needs to act as a user identity authentication proxy: it verifies the identity of the terminal by means of identity authentication and confirms whether the terminal's access request is forwarded to the verification server. The terminal may be understood as an input/output device connected to the computing system, which sends the access request generated according to a user requirement and receives the server data corresponding to the access request returned by the server.
In a specific implementation, the terminal generates an access request as required and sends it to the client gateway. The client gateway determines, according to its configured requirements, whether the access request is to be filtered, or determines through identity authentication whether the access request is to be forwarded to the authentication server. When the client gateway determines that the access request does not need to be filtered, or the terminal passes identity authentication and the access request is to be forwarded to the authentication server, the authentication server receives the access request sent by the terminal through the client gateway.
Step 120, verifying whether the client gateway is trusted;
The authentication server may be understood as a computer that performs trust verification on the client gateway and the server gateway according to their registration status, that is, according to the stored registered client gateway information and registered server gateway information. The verification server runs a registration service that is in an open state. It confirms validity according to the identity verification information sent by the client gateway and the server gateway, and stores the identification information of each valid client gateway and server gateway in the registered client gateway information and the registered server gateway information respectively, so that trust verification of the client gateway and the server gateway can be performed against those records.
In a specific implementation, when the client gateway determines that the access request does not need to be filtered, or the terminal passes identity authentication and the access request is to be forwarded to the authentication server, the authentication server receives the access request sent by the terminal through the client gateway. The authentication server then determines, from the identification information of the client gateway that transmitted the access request, whether that identification information exists in the registered client gateway information. If the registered client gateway information contains the identification information of the client gateway, the client gateway is trusted: it has passed identity verification and is registered in the verification server. If the registered client gateway information does not contain the identification information of the client gateway, the client gateway is not trusted: it has not passed authentication and is not registered in the authentication server.
Step 130, determining a server gateway according to the access request when the client gateway is trusted;
The server gateway receives the access request sent by the verification server and forwards it to the server, and has network application security defense and management and control capabilities. The server gateway can be a security gateway or a unified threat management (UTM) device with anti-virus processing capability, which protects the server by bidirectionally filtering, scanning and processing protocol traffic. When the server gateway is a server-side security gateway, it has an application-level filtering function that, as required, prevents unsafe factors from intruding into the data resources of the server.
In a specific implementation, if the identification information of the client gateway does not exist in the registered client gateway information, the client gateway is not trusted, the identity verification is not passed, and the client gateway is not registered in the verification server. The server gateway determined according to the access request may be a server gateway, among the registered server gateway information, that can provide the data resource corresponding to the access request; or a preferred server gateway for the access request, chosen from the registered server gateway information according to the performance of the server gateways. The preferred server gateway for the access request can also be determined according to the area distance and the load state of each server gateway in the registered server gateway information, so as to improve the access speed and obtain the data resources quickly.
Step 140, sending the access request and the address information of the client gateway to the server gateway, so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, wherein the link establishment request is used for requesting the client gateway to establish a communication link with the server gateway.
For example, the address information of the client gateway may be understood as the access information of the client gateway in the network. Other gateways or devices in the network use it as the access address for reaching the client gateway, and it indicates the location of the client gateway device in the network or is used to generate an access connection according to actual requirements. The address information of the client gateway includes a memory address of the client gateway, a location serial number in the network, and so on. The link establishment request may be understood as a request by which the server gateway establishes, between itself and the client gateway, a hidden communication link unknown to other devices; the link is established without going through other devices and is therefore strongly concealed. A communication link may be understood as a link between a server gateway and a client gateway over which information is transmitted.
In the specific implementation, when the client gateway is trusted, the verification server determines the server gateway according to the access request, and sends the access request and address information of the client gateway to the server gateway, and the server gateway generates a link establishment request according to the access request and the address information of the client gateway. The server gateway sends a link establishment request to the client gateway according to the address information of the client gateway, and the client gateway establishes a communication link with the server gateway according to the link establishment request, so that after the client gateway receives an access request of a terminal, the client gateway successfully acquires data resources through the communication link according to the access request.
In the embodiment of the invention, an access request sent by a terminal is received through a client gateway; whether the client gateway is trusted is verified; when the client gateway is trusted, a server gateway is determined according to the access request; and the access request and the address information of the client gateway are sent to the server gateway, so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, the link establishment request being used for requesting the client gateway to establish a communication link with the server gateway. The embodiment addresses the security problem of server ports being left in an open state: the verification server verifies whether the client gateway and the server gateway are trusted before the link is established, which ensures the legitimacy of the identities of the two gateways, and the communication link is then established directly between the trusted client gateway and server gateway without passing through the verification server. The communication link therefore has a certain degree of concealment, the server port is protected from malicious attack and probing, and the security of the server resources is ensured.
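The brokered link setup of steps 110 to 140, together with the client gateway's check of the server gateway from the third aspect, can be simulated in-process as follows. This is an added example, not code from the patent: the class and method names, the pre-shared enrolment tokens used to check registration information, the resource-based choice of server gateway and all sample values are assumptions.

```python
import hmac
from dataclasses import dataclass, field

# Constructed enrolment tokens. The page does not say how registration
# information is checked, so a pre-shared token per gateway is an assumption.
ENROLMENT = {"cgw-1": "tok-c1", "sgw-1": "tok-s1"}


@dataclass
class ServerGateway:
    gw_id: str
    resources: set

    def build_link_request(self, request, client_gw_address):
        # The server gateway initiates the link towards the client gateway
        # address that the verification server handed over.
        return {"from": self.gw_id, "to": client_gw_address, "request": request}


@dataclass
class VerificationServer:
    registered_clients: dict = field(default_factory=dict)  # id -> address
    registered_servers: dict = field(default_factory=dict)  # id -> ServerGateway

    def register(self, role, gw_id, token, endpoint):
        """Pre-step: check registration information, then record the gateway id."""
        expected = ENROLMENT.get(gw_id, "")
        if not expected or not hmac.compare_digest(expected, token):
            return False
        table = self.registered_clients if role == "client" else self.registered_servers
        table[gw_id] = endpoint
        return True

    def is_trusted_server(self, gw_id):
        return gw_id in self.registered_servers

    def handle_access_request(self, client_gw_id, request):
        """Steps 110-140: return the link establishment request, or None."""
        # Step 120: trusted means present in the registered client gateway information.
        if client_gw_id not in self.registered_clients:
            return None
        # Step 130 (simplified): first registered server gateway serving the resource.
        for sgw in self.registered_servers.values():
            if request["resource"] in sgw.resources:
                # Step 140: pass on the request and the client gateway address.
                return sgw.build_link_request(request, self.registered_clients[client_gw_id])
        return None


@dataclass
class ClientGateway:
    gw_id: str
    address: str
    verifier: VerificationServer
    links: list = field(default_factory=list)

    def on_terminal_request(self, request):
        link_request = self.verifier.handle_access_request(self.gw_id, request)
        return link_request is not None and self.on_link_request(link_request)

    def on_link_request(self, link_request):
        # Third aspect: establish the link only when the verification server
        # confirms that the requesting server gateway is registered.
        if link_request["to"] != self.address:
            return False
        if not self.verifier.is_trusted_server(link_request["from"]):
            return False
        self.links.append((link_request["from"], link_request["request"]["resource"]))
        return True


def demo():
    vs = VerificationServer()
    sgw = ServerGateway("sgw-1", {"/reports"})
    cgw = ClientGateway("cgw-1", "10.0.0.5:7000", vs)
    rogue = ClientGateway("cgw-x", "10.0.0.9:7000", vs)
    vs.register("server", "sgw-1", "tok-s1", sgw)
    vs.register("client", "cgw-1", "tok-c1", cgw.address)
    forged = {"from": "sgw-evil", "to": cgw.address, "request": {"resource": "/reports"}}
    return {
        "rogue_registered": vs.register("client", "cgw-x", "guess", rogue.address),
        "trusted": cgw.on_terminal_request({"resource": "/reports"}),
        "untrusted": rogue.on_terminal_request({"resource": "/reports"}),
        "forged_link": cgw.on_link_request(forged),
        "links": cgw.links,
    }


if __name__ == "__main__":
    print(demo())
```

The gateway identifiers in this simulation are self-asserted strings; the page does not specify how an identifier is bound to the party presenting it, so a deployment would need that binding for the registry lookup to carry weight.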
The terminal access method provided by the embodiment of the invention is further described below, and as shown in fig. 2, the method specifically includes the following steps:
Step 210, receiving an access request sent by a terminal through a client gateway;
Further, before receiving the access request sent by the terminal through the client gateway, the method further includes:
starting the verification server;
receiving registration information sent by the client gateway, verifying the client gateway based on the registration information sent by the client gateway, and adding identification information of the client gateway to the registered client gateway information when verification passes; and receiving the registration information sent by the server-side gateway, verifying the server-side gateway based on the registration information sent by the server-side gateway, and adding the identification information of the server-side gateway to the registered server-side gateway information when the verification passes.
For example, a precondition for receiving the access request sent by the terminal is that the authentication server has been started; the authentication server then allows the client gateway and the server gateway to register and receives the registration messages they send.
In a specific implementation, the verification server is started, and the client gateway and the server gateway are allowed to register. On receiving registration information sent by a client gateway, the verification server performs identity verification on the client gateway according to that registration information and determines the security (that is, the legitimacy) of the client gateway's identity in the network. If the client gateway passes the identity verification, it is considered secure in the network, and its identification information is added to the registered client gateway information in the verification server; if the client gateway fails the authentication, it is not considered secure in the network and cannot register in the authentication server. Likewise, on receiving registration information sent by a server gateway, the verification server performs identity verification on the server gateway according to that registration information and determines the security (that is, the legitimacy) of the server gateway's identity in the network. If the server gateway passes the identity verification, it is considered secure in the network, and its identification information is added to the registered server gateway information in the verification server; if the server gateway fails the authentication, it is not considered secure in the network and cannot register in the authentication server.
Step 220, verifying whether the client gateway is trusted;
Further, the verifying whether the client gateway is trusted includes:
determining whether the identification information of the client gateway exists in the registered client gateway information;
and when the identification information of the client gateway exists in the registered client gateway information, determining that the client gateway is trusted.
The identification information of the client gateway may be understood as an identification of the client gateway in the network, which is used to distinguish between different client gateways in the network, and may be an IP address (the IP address includes a network number and a gateway host number) of the gateway, or may be a unique identification generated from a gateway name and an address. Registered client gateway information may be understood as the collection, stored in the authentication server, of the identification information of client gateways whose identity has been verified.
In a specific implementation, identification information of a client gateway sending an access request is determined according to the access request, and whether the identification information of the client gateway exists in registered client gateway information is determined. If the registered client gateway information contains the identification information of the client gateway, the client gateway is trusted, passes the identity verification and is registered in the verification server. If the registered client gateway information does not contain the identification information of the client gateway, the client gateway is not trusted, the authentication is not passed, and the client gateway is not registered in the authentication server.
Step 230, determining the area distance and the load state of each server gateway according to the online notification;
For example, an online notification may be understood as a notification that a registered server gateway sends to the verification server while it is in an online state. The content of the online notification is set according to actual requirements, for example the area address of the server gateway and the load state of the server gateway. The area distance of a server gateway may be understood as the distance calculated from the area address of the client gateway sending the access request and the area address of the server gateway; it measures the network transmission distance between the server gateway and the client gateway. The load state of a server gateway may be understood as the processing saturation of the server gateway, determined from the number of access requests it is currently processing and the speed at which it processes them. The load state can be a full-load state, an overload state, an idle state or a normal running state. In the full-load state, the number of access requests processed by the server gateway is saturated, and until one of the requests currently being processed completes, no other access request can be processed. In the overload state, the number of access requests processed by the server gateway is saturated and further access requests are waiting in a queue. In the idle state, the server gateway is not currently processing any access request. In the normal running state, the number of access requests processed by the server gateway is not saturated, and the gateway can still receive access requests for processing.
In a specific implementation, the verification server is started, the client gateway and the server gateway are allowed to register and are registered according to their registration information, and the registered client gateway information and registered server gateway information are determined. When the client gateway is verified to be trusted, the online server gateways, that is, the server gateways in the registered server gateway information from which online notifications have been received, are determined, and the area distance and the load state of each server gateway are determined according to the online notification of each online server gateway.
Further, determining the area distance and the load state of each online server gateway according to the online notification includes:
receiving online notifications sent by the gateways at preset intervals, wherein the online notifications comprise the area addresses and load states of the gateways.
In a specific implementation, the verification server receives the online notification sent by each server gateway at a preset interval, which is set according to actual requirements and experimental data. The verification server determines the area address and load state carried in the online notification of each server gateway, and determines the regional distance and load state corresponding to each server gateway according to the address information of the client. The regional distance gives the network transmission distance between the client and the server, determined from the client address information and the area address, so that the server gateway in the normal running state with the smallest transmission distance to the client gateway can be found and a communication link established between that server gateway and the client gateway.
Step 240, determining a priority level corresponding to each server gateway according to the regional distance and the load state of each server gateway;
For example, the priority level corresponding to each server gateway may be understood as follows: a level score is determined for each server gateway from its regional distance and load state, based on the size of the regional distance value and the number of access requests corresponding to the load state. The higher the level score, the lower the priority level, so that the client gateway can select a server gateway with fast transmission and fast response to access requests with which to establish a communication link.
In a specific implementation, the verification server receives the online notification sent by each server gateway at a preset interval, which is set according to actual requirements and experimental data. The verification server determines the area address and load state carried in the online notification of each server gateway, and determines the regional distance and load state corresponding to each server gateway according to the address information of the client. A level score is determined for each server gateway from its regional distance and load state, and the recommended priority level of each server gateway is determined from its level score.
Step 250, determining the server gateways according to the priority levels corresponding to the server gateways and the access requests;
In a specific implementation, the verification server receives the online notification sent by each server gateway at a preset interval, which is set according to actual requirements and experimental data. The verification server determines the area address and load state carried in the online notification of each server gateway, and determines the regional distance and load state corresponding to each server gateway according to the address information of the client. A level score is determined for each server gateway from its regional distance and load state, and the recommended priority level of each server gateway is determined from its level score. The server gateway is then determined according to the priority levels corresponding to the server gateways and the access request; the gateway with the highest recommended priority level may be selected according to actual requirements, or the gateway with the lowest recommended priority level may be selected according to actual requirements. The higher the priority level, the faster information is transmitted after the server gateway establishes a communication link; the lower the priority level, the slower information is transmitted after the server gateway establishes the communication link.
Step 260, sending the access request and the address information of the client gateway to the server gateway, so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, where the link establishment request is used to request the client gateway to establish a communication link with the server gateway.
In the embodiment of the invention, an access request sent by the terminal is received through the client gateway; whether the client gateway is trusted is verified; when the client gateway is trusted, a server gateway is determined according to the access request; and the access request and the address information of the client gateway are sent to the server gateway, so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, the link establishment request being used to request the client gateway to establish a communication link with the server gateway. The embodiment of the invention solves the port communication security problem caused by server ports being in an open state. The verification server is used to verify, before the link is established, whether the client gateway and the server gateway are trusted, which ensures the legitimacy of the identities of the client gateway and the server gateway that establish the communication link. The communication link is then established between the trusted client gateway and server gateway, without the verification server establishing the link between them, so that the communication link has a certain degree of concealment, the server port is protected from malicious attack and probing, and the security of server resources is ensured.
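Steps 230 to 250 can be illustrated with the following sketch, which is an added example and not code from the patent. The scoring formula, the load weight, the region distance table, the staleness window and all gateway names are assumptions, since the text does not specify them; the sample notifications are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class LoadState(Enum):
    IDLE = "idle"          # not processing any access request
    NORMAL = "normal"      # below saturation, still accepting requests
    FULL = "full"          # saturated, nothing new until one request finishes
    OVERLOAD = "overload"  # saturated, with further requests queued


ACCEPTING = {LoadState.IDLE, LoadState.NORMAL}


@dataclass(frozen=True)
class OnlineNotification:
    gateway_id: str
    region: str            # the "area address" carried in the notification
    load_state: LoadState
    active_requests: int
    received_at: float     # seconds on the verification server's clock


NOTIFY_INTERVAL = 30.0            # assumed preset interval
STALE_AFTER = 2 * NOTIFY_INTERVAL  # assumed: two missed notifications = offline
LOAD_WEIGHT = 10.0                # assumed cost of one in-flight request

# Constructed distances between region pairs (assumption, arbitrary units).
REGION_DISTANCE = {
    frozenset({"east", "north"}): 40,
    frozenset({"east", "south"}): 90,
    frozenset({"north", "south"}): 120,
}


def region_distance(a, b):
    """Regional distance between two area addresses; None if unknown."""
    if a == b:
        return 0
    return REGION_DISTANCE.get(frozenset({a, b}))


def level_score(distance, active_requests):
    """Higher score means lower priority, as the description states."""
    return distance + LOAD_WEIGHT * active_requests


def rank_gateways(notifications, registered_ids, client_region, now):
    """Return [(score, gateway_id)] for usable gateways, best first."""
    latest = {}
    for n in notifications:
        if n.gateway_id not in registered_ids:
            continue  # notifications from unregistered gateways are ignored
        prev = latest.get(n.gateway_id)
        if prev is None or n.received_at > prev.received_at:
            latest[n.gateway_id] = n
    ranked = []
    for n in latest.values():
        if now - n.received_at > STALE_AFTER:
            continue  # no recent online notification: treat as offline
        if n.load_state not in ACCEPTING:
            continue  # full-load and overloaded gateways cannot take requests
        d = region_distance(client_region, n.region)
        if d is None:
            continue  # unknown region pair: fail closed
        ranked.append((level_score(d, n.active_requests), n.gateway_id))
    return sorted(ranked)


def select_gateway(notifications, registered_ids, client_region, now):
    ranked = rank_gateways(notifications, registered_ids, client_region, now)
    return ranked[0][1] if ranked else None


# Constructed sample data.
REGISTERED = {"sgw-a", "sgw-b", "sgw-c", "sgw-d"}
SAMPLE = [
    OnlineNotification("sgw-a", "east", LoadState.NORMAL, 12, 100.0),
    OnlineNotification("sgw-b", "north", LoadState.IDLE, 0, 95.0),
    OnlineNotification("sgw-c", "east", LoadState.FULL, 50, 100.0),
    OnlineNotification("sgw-d", "east", LoadState.IDLE, 0, 10.0),   # stale
    OnlineNotification("sgw-x", "east", LoadState.IDLE, 0, 100.0),  # unregistered
]

if __name__ == "__main__":
    print(rank_gateways(SAMPLE, REGISTERED, "east", 110.0))
```

With these weights the idle gateway in a neighbouring region outranks the busier gateway in the client's own region, which shows how the load state and the regional distance trade off in the level score.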
Fig. 3 is another flowchart of a terminal access method according to an embodiment of the present invention. The embodiment is applicable to the situation that the client gateway and the server gateway establish a communication link under the condition that the terminal accesses the server, and the method can be executed by the communication device provided by the embodiment of the invention, and the device can be realized in a software and/or hardware mode and can be generally integrated in the client gateway. As shown in fig. 1, the method in this embodiment specifically includes:
Step 310, receiving an access request sent by a terminal, and sending the access request to a verification server;
In a specific implementation, when the terminal generates an access request and sends it to the client gateway, the client gateway determines, according to its configured requirements, whether to filter the access request, or whether to forward it to the verification server after authentication is confirmed. When the client gateway determines that the access request does not need to be filtered, or the terminal's identity authentication passes, the access request is sent to the verification server; the verification server thus receives the access request sent by the terminal through the client gateway and can perform trusted verification on the client gateway.
Step 320, receiving a link establishment request sent by a server gateway, where the link establishment request is generated by the server gateway according to the access request and address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the authentication server authenticates the client gateway and determines that the client gateway is trusted;
In a specific implementation, when the verification server verifies that the client gateway is trusted, the server gateway is determined according to the access request, the access request and the address information of the client gateway are sent to the server gateway, and the server gateway generates a link establishment request according to the access request and the address information of the client gateway. The client gateway receives the link establishment request sent by the server gateway and establishes a communication link with the server gateway according to the link establishment request, so that after the client gateway receives an access request from the terminal, it can successfully acquire data resources through the communication link according to the access request.
Step 330, verifying whether the server gateway is trusted;
In a specific implementation, the client gateway receives the link establishment request sent by the server gateway and, using the identification information of the server gateway in the link establishment request, determines whether that identification information exists in the registered server gateway information. If it does, the server gateway is trusted: it has passed identity verification and is registered in the verification server. If it does not, the server gateway is not trusted: identity verification fails, it is not registered in the verification server, and the server gateway poses a potential security risk.
Further, the verifying whether the server-side gateway is trusted includes:
determining whether the identification information of the server gateway exists in the registered server gateway information acquired from the verification server;
and when the identification information of the server-side gateway exists in the registered server-side gateway information, determining that the server-side gateway is credible.
The identification information of the server gateway may be understood as the identifier of the server gateway in the network, used to distinguish different server gateways in the network. It may be the IP address of the gateway (an IP address includes a network number and a gateway host number), or a unique identifier generated from the gateway name and address.
In a specific implementation, the identification information of the server gateway is determined from the link establishment request, and it is determined whether that identification information exists in the registered server gateway information. If it does, the server gateway is trusted: it has passed identity verification and is registered in the verification server. If it does not, the server gateway is not trusted: identity verification fails, and the server gateway is not registered in the verification server. The registered server gateway information held on the client gateway is acquired from the verification server at registration or when verifying that the server gateway is trusted.
Further, the verifying whether the server-side gateway is trusted includes:
sending the identification information of the server-side gateway to the verification server, so that the verification server verifies whether the server-side gateway is trusted according to the identification information of the server-side gateway, and receiving a trusted verification message sent by the verification server, wherein the trusted verification message is used for indicating whether the server-side gateway is trusted.
In a specific implementation, whether the server gateway is trusted may alternatively be verified by sending the identification information of the server gateway that sent the link establishment request to the verification server. The verification server determines, from the received identification information, whether it exists in the registered server gateway information. If it does, the server gateway is trusted: it has passed identity verification and is registered in the verification server, and the result that the server gateway is trusted is sent to the client gateway as the trusted verification message. If it does not, the server gateway is not trusted: identity verification fails, the server gateway is not registered in the verification server, and the result that the server gateway is not trusted is sent to the client gateway as the trusted verification message.
And step 340, when the server gateway is trusted, establishing a communication link with the server gateway.
In a specific implementation, when the client gateway determines that the server gateway is trusted, a communication link is established between the server gateway and the client gateway according to a link establishment request, so that after the client gateway receives an access request of a terminal, the client gateway successfully acquires data resources through the communication link according to the access request.
In the embodiment of the invention, the method may comprise: receiving an access request sent by a terminal and sending the access request to a verification server; receiving a link establishment request sent by a server gateway, wherein the link establishment request is generated by the server gateway according to the access request and the address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the verification server verifies the client gateway and determines that it is trusted; verifying whether the server gateway is trusted; and, when the server gateway is trusted, establishing a communication link with the server gateway. The embodiment of the invention solves the port communication security problem caused by server ports being in an open state. The verification server is used to verify, before the link is established, whether the client gateway and the server gateway are trusted, which ensures the legitimacy of the identities of the client gateway and the server gateway that establish the communication link. The communication link is then established between the trusted client gateway and server gateway, without the verification server establishing the link between them, so that the communication link has a certain degree of concealment, the server port is protected from malicious attack and probing, and the security of server resources is ensured.
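The two-sided trust check of steps 310 to 340 can be modelled as below; this is an added example, not code from the patent. Hashing the gateway name and address with SHA-256 to form the identifier, the class and method names, and the addresses are assumptions, and server gateway selection is reduced to taking the first registered gateway.

```python
import hashlib


def gateway_id(name, address):
    # The description allows an identifier "generated by a gateway name and
    # an address"; hashing the pair with SHA-256 is this example's assumption.
    return hashlib.sha256(f"{name}|{address}".encode()).hexdigest()[:16]


class ServerGateway:
    def __init__(self, name, address):
        self.name, self.address = name, address
        self.gw_id = gateway_id(name, address)

    def build_link_request(self, access_request, client_address):
        # Generated from the access request and the client gateway address.
        return {"server_gateway_id": self.gw_id,
                "server_address": self.address,
                "client_address": client_address,
                "access_request": access_request}


class VerificationServer:
    def __init__(self):
        self.registered_clients = set()
        self.registered_servers = {}   # gateway id -> ServerGateway

    def register_client(self, gw):
        self.registered_clients.add(gw.gw_id)

    def register_server(self, gw):
        self.registered_servers[gw.gw_id] = gw

    def server_snapshot(self):
        return frozenset(self.registered_servers)

    def is_trusted_server(self, gw_id):
        return gw_id in self.registered_servers

    def handle_access_request(self, client_gw_id, client_address, request):
        if client_gw_id not in self.registered_clients:
            return None                # untrusted client gateway: stop here
        if not self.registered_servers:
            return None
        # Selection by distance and load is out of scope for this sketch.
        server_gw = next(iter(self.registered_servers.values()))
        return server_gw.build_link_request(request, client_address)


class ClientGateway:
    def __init__(self, name, address, verification_server):
        self.address = address
        self.gw_id = gateway_id(name, address)
        self.vs = verification_server
        self.cached_servers = frozenset()
        self.links = []

    def refresh_cache(self):
        self.cached_servers = self.vs.server_snapshot()

    def server_trusted(self, server_id, mode):
        if mode == "cache":            # local copy of registered gateways
            return server_id in self.cached_servers
        if mode == "query":            # ask the verification server
            return self.vs.is_trusted_server(server_id)
        raise ValueError(f"unknown mode: {mode}")

    def on_link_request(self, link_request, mode="cache"):
        server_id = link_request["server_gateway_id"]
        if not self.server_trusted(server_id, mode):
            return False               # fail closed: no link is established
        self.links.append(server_id)
        return True

    def forward(self, request, mode="cache"):
        link_request = self.vs.handle_access_request(
            self.gw_id, self.address, request)
        return link_request is not None and self.on_link_request(link_request, mode)


def demo():
    # All names and addresses below are constructed sample values.
    vs = VerificationServer()
    vs.register_server(ServerGateway("sgw-1", "198.51.100.10:7000"))
    cgw = ClientGateway("cgw-1", "192.0.2.5:6000", vs)
    vs.register_client(cgw)
    cgw.refresh_cache()
    stranger = ClientGateway("cgw-x", "192.0.2.99:6000", vs)  # never registered
    unknown = ServerGateway("sgw-unknown", "203.0.113.7:7000")
    unknown_req = unknown.build_link_request("GET /report", cgw.address)
    results = {
        "registered_client": cgw.forward("GET /report"),
        "unregistered_client": stranger.forward("GET /report"),
        "unknown_server_cache": cgw.on_link_request(unknown_req, "cache"),
        "unknown_server_query": cgw.on_link_request(unknown_req, "query"),
    }
    late = ServerGateway("sgw-2", "198.51.100.20:7000")
    vs.register_server(late)           # registered after the cache was taken
    late_req = late.build_link_request("GET /report", cgw.address)
    results["late_server_stale_cache"] = cgw.on_link_request(late_req, "cache")
    results["late_server_query"] = cgw.on_link_request(late_req, "query")
    cgw.refresh_cache()
    results["late_server_fresh_cache"] = cgw.on_link_request(late_req, "cache")
    results["links"] = len(cgw.links)
    return results


if __name__ == "__main__":
    print(demo())
```

The membership test shows only that the presented identifier is registered; binding that identifier to the actual sender is not covered by the description and is not modelled here. The stale-cache case shows the operational difference between the two verification variants: the cached list refuses a newly registered gateway until it is refreshed, while the query variant reflects the verification server's current state.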
Fig. 4 is a schematic structural diagram of a terminal access device according to an embodiment of the present invention. As shown in fig. 4, applied to an authentication server, the communication apparatus includes:
a first request receiving module 410, configured to receive, through a client gateway, an access request sent by a terminal;
a first trusted verification module 420, configured to verify whether the client gateway is trusted;
a gateway determining module 430, configured to determine a server gateway according to the access request when the client gateway is trusted;
and the information sending module 440 is configured to send the access request and address information of the client gateway to the server gateway, so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, where the link establishment request is used to request the client gateway to establish a communication link with the server gateway.
In one embodiment, the gateway determining module 430 determines, when the client gateway is trusted, a server gateway according to the access request, including:
determining the regional distance and the load state of each server gateway according to the online notification;
determining the priority level corresponding to each server gateway according to the regional distance and the load state of each server gateway;
and determining the server gateways according to the priority levels corresponding to the server gateways and the access requests.
In one embodiment, the gateway determining module 430 determines the area distance and the load status of each online server gateway according to the online notification, including:
receiving online notifications sent by the gateways at preset intervals, wherein the online notifications comprise the area addresses and load states of the gateways.
In one embodiment, the first trusted verification module 420 verifies whether the client gateway is trusted, including:
determining whether the identification information of the client gateway exists in the registered client gateway information;
and when the identification information of the client gateway exists in the registered client gateway information, determining that the client gateway is credible.
In an embodiment, before the first request receiving module 410 receives, through the client gateway, an access request sent by the terminal, the method further includes:
starting the verification server;
receiving registration information sent by the client gateway, verifying the client gateway based on the registration information sent by the client gateway, and adding identification information of the client gateway to the registered client gateway information when verification passes; and receiving the registration information sent by the server-side gateway, verifying the server-side gateway based on the registration information sent by the server-side gateway, and adding the identification information of the server-side gateway to the registered server-side gateway information when the verification passes.
In the embodiment of the invention, an access request sent by the terminal is received through the client gateway; whether the client gateway is trusted is verified; when the client gateway is trusted, a server gateway is determined according to the access request; and the access request and the address information of the client gateway are sent to the server gateway, so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, the link establishment request being used to request the client gateway to establish a communication link with the server gateway. The embodiment of the invention solves the port communication security problem caused by server ports being in an open state. The verification server is used to verify, before the link is established, whether the client gateway and the server gateway are trusted, which ensures the legitimacy of the identities of the client gateway and the server gateway that establish the communication link. The communication link is then established between the trusted client gateway and server gateway, without the verification server establishing the link between them, so that the communication link has a certain degree of concealment, the server port is protected from malicious attack and probing, and the security of server resources is ensured.
Fig. 5 is a schematic structural diagram of another terminal access device according to an embodiment of the present invention, where the device is applied to a client gateway as shown in fig. 5, and includes:
a second request receiving module 510, configured to receive an access request sent by a terminal, and send the access request to a verification server;
a third request receiving module 520, configured to receive a link establishment request sent by a server gateway, where the link establishment request is generated by the server gateway according to the access request and address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the authentication server authenticates the client gateway and determines that the client gateway is trusted;
a second trusted verification module 530, configured to verify whether the server gateway is trusted;
the link establishment module 540 is configured to establish a communication link with the server gateway when the server gateway is trusted.
In one embodiment, the second trusted verification module 530 verifies whether the server gateway is trusted, including:
determining whether the identification information of the server gateway exists in the registered server gateway information acquired from the verification server;
and when the identification information of the server-side gateway exists in the registered server-side gateway information, determining that the server-side gateway is credible.
In one embodiment, the second trusted verification module 530 verifies whether the server gateway is trusted, including:
sending the identification information of the server-side gateway to the verification server, so that the verification server verifies whether the server-side gateway is trusted according to the identification information of the server-side gateway, and receiving a trusted verification message sent by the verification server, wherein the trusted verification message is used for indicating whether the server-side gateway is trusted.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. Fig. 6 illustrates a block diagram of an exemplary electronic device 12 suitable for use in implementing embodiments of the present invention. The electronic device 12 shown in fig. 6 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 6, the electronic device 12 is in the form of a general purpose computing device. Components of the electronic device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by electronic device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The electronic device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, commonly referred to as a "hard disk drive"). Although not shown in fig. 6, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored in, for example, memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described herein.
The electronic device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the electronic device 12, and/or any devices (e.g., network card, modem, etc.) that enable the electronic device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. And electronic device 12 may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet, via network adapter 20. As shown, the network adapter 20 communicates with other modules of the electronic device 12 over the bus 18. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 12, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processing unit 16 executes various functional applications and data processing by running a program stored in the system memory 28, for example, to implement a terminal access method provided by an embodiment of the present invention, the method including:
receiving an access request sent by a terminal through a client gateway; verifying whether the client gateway is trusted; when the client gateway is trusted, determining a server gateway according to the access request; and sending the access request and the address information of the client gateway to the server gateway so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, wherein the link establishment request is used for requesting the client gateway to establish a communication link with the server gateway.
Or receiving an access request sent by a terminal and sending the access request to a verification server; receiving a link establishment request sent by a server gateway, wherein the link establishment request is generated by the server gateway according to the access request and the address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the authentication server authenticates the client gateway and determines that the client gateway is trusted; verifying whether the server gateway is trusted or not; and when the server-side gateway is trusted, establishing a communication link with the server-side gateway.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, the program when executed by a processor implementing a terminal access method as described, the method comprising:
receiving an access request sent by a terminal through a client gateway; verifying whether the client gateway is trusted; when the client gateway is trusted, determining a server gateway according to the access request; and sending the access request and the address information of the client gateway to the server gateway so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, wherein the link establishment request is used for requesting the client gateway to establish a communication link with the server gateway.
Or receiving an access request sent by a terminal and sending the access request to a verification server; receiving a link establishment request sent by a server gateway, wherein the link establishment request is generated by the server gateway according to the access request and the address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the authentication server authenticates the client gateway and determines that the client gateway is trusted; verifying whether the server gateway is trusted or not; and when the server-side gateway is trusted, establishing a communication link with the server-side gateway.
The computer storage media of embodiments of the invention may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (8)

1. A terminal access method, applied to an authentication server, comprising:
receiving an access request sent by a terminal through a client gateway;
verifying whether the client gateway is trusted;
when the client gateway is trusted, determining a server gateway according to the access request;
sending the access request and the address information of the client gateway to the server gateway so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, wherein the link establishment request is used for requesting the client gateway to establish a hidden communication link with the server gateway;
the verifying whether the client gateway is trusted comprises:
determining whether the identification information of the client gateway exists in the registered client gateway information;
when the identification information of the client gateway exists in the registered client gateway information, determining that the client gateway is trusted;
the receiving, through the client gateway, of the access request sent by the terminal comprises: when the client gateway determines that the access request does not need to be filtered or that the terminal identity authentication has passed, the authentication server receives the access request sent by the terminal through the client gateway.
2. The method of claim 1, wherein determining a server gateway from the access request when the client gateway is trusted comprises:
determining the regional distance and the load state of each server gateway according to the online notification;
determining the priority level corresponding to each server gateway according to the regional distance and the load state of each server gateway;
and determining the server gateways according to the priority levels corresponding to the server gateways and the access requests.
3. The method of claim 2, wherein determining the regional distance and the load state of each server gateway according to the online notification comprises:
and receiving online notifications sent by the gateways at preset intervals, wherein the online notifications comprise area addresses and load states of the gateways.
4. The method of claim 1, further comprising, prior to receiving, by the client gateway, the access request sent by the terminal:
starting the verification server;
receiving registration information sent by the client gateway, verifying the client gateway based on the registration information sent by the client gateway, and adding identification information of the client gateway to the registered client gateway information when verification passes; and receiving the registration information sent by the server-side gateway, verifying the server-side gateway based on the registration information sent by the server-side gateway, and adding the identification information of the server-side gateway to the registered server-side gateway information when the verification passes.
5. A terminal access device, characterized by being applied to an authentication server, comprising:
the first request receiving module is used for receiving an access request sent by the terminal through the client gateway;
the first trusted verification module is used for verifying whether the client gateway is trusted or not;
the gateway determining module is used for determining a server gateway according to the access request when the client gateway is trusted;
the information sending module is used for sending the access request and the address information of the client gateway to the server gateway so that the server gateway generates a link establishment request according to the access request and the address information of the client gateway, and the link establishment request is used for requesting the client gateway to establish a hidden communication link with the server gateway;
the first trusted verification module verifies whether the client gateway is trusted, including:
determining whether the identification information of the client gateway exists in the registered client gateway information;
when the identification information of the client gateway exists in the registered client gateway information, determining that the client gateway is trusted;
the receiving, through the client gateway, of the access request sent by the terminal comprises:
when the client gateway determines that the access request does not need to be filtered or that the terminal identity authentication has passed, the authentication server receives the access request sent by the terminal through the client gateway.
6. A terminal access method, applied to a client gateway, comprising:
receiving an access request sent by a terminal, and sending the access request to a verification server;
receiving a link establishment request sent by a server gateway, wherein the link establishment request is generated by the server gateway according to the access request and the address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the authentication server authenticates the client gateway and determines that the client gateway is trusted;
verifying whether the server gateway is trusted or not;
when the server-side gateway is trusted, establishing a hidden communication link with the server-side gateway;
the verifying whether the server-side gateway is trusted comprises the following steps:
determining whether the identification information of the server gateway exists in the registered server gateway information acquired from the verification server;
when the registered server gateway information contains the identification information of the server gateway, determining that the server gateway is trusted;
the receiving the access request sent by the terminal and sending the access request to the verification server comprises the following steps: and when the client gateway determines that the access request does not need to be filtered or the terminal identity authentication is passed, sending the access request to the authentication server.
7. The method of claim 6, wherein the verifying whether the server-side gateway is trusted comprises:
and sending the identification information of the server-side gateway to the verification server so that the verification server verifies whether the server-side gateway is trusted according to the identification information of the server-side gateway, and receives a trusted verification message sent by the verification server, wherein the trusted verification message is used for indicating whether the server-side gateway is trusted.
8. A terminal access device, applied to a client gateway, comprising:
the second request receiving module is used for receiving the access request sent by the terminal and sending the access request to the verification server;
the third request receiving module is used for receiving a link establishment request sent by a server gateway, wherein the link establishment request is generated by the server gateway according to the access request and the address information of the client gateway, and the access request and the address information of the client gateway are sent to the server gateway when the authentication server authenticates the client gateway and determines that the client gateway is trusted;
the second trusted verification module is used for verifying whether the server gateway is trusted or not;
the link establishment module is used for establishing a hidden communication link with the server-side gateway when the server-side gateway is trusted;
the second trusted verification module verifies whether the server gateway is trusted, including:
determining whether the identification information of the server gateway exists in the registered server gateway information acquired from the verification server;
when the registered server gateway information contains the identification information of the server gateway, determining that the server gateway is trusted;
the receiving the access request sent by the terminal and sending the access request to the verification server comprises:
and when the client gateway determines that the access request does not need to be filtered or the terminal identity authentication is passed, sending the access request to the authentication server.
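The server-side flow of claims 1 to 4 and the client gateway's check from claim 6, sketched as an added Python example that is not part of the patent text. The enrollment HMAC, the numeric region index, the staleness window and the distance-plus-load weighting are assumptions, since the claims do not specify them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ENROLL_KEY = b"constructed-demo-enrollment-key"  # assumption: out-of-band enrollment secret
STALE_AFTER = 30.0                               # assumption: seconds before a notification expires

def enroll_tag(gw_id):
    """Registration proof a gateway presents (assumed scheme: HMAC over its id)."""
    return hmac.new(ENROLL_KEY, gw_id.encode(), hashlib.sha256).hexdigest()

@dataclass
class AuthServer:
    clients: set = field(default_factory=set)   # registered client gateway information
    servers: set = field(default_factory=set)   # registered server gateway information
    online: dict = field(default_factory=dict)  # gw_id -> (region, load, last_seen)

    def register(self, gw_id, tag, role):
        """Claim 4: verify the registration information, then record the gateway id."""
        if not hmac.compare_digest(tag, enroll_tag(gw_id)):
            return False
        (self.clients if role == "client" else self.servers).add(gw_id)
        return True

    def notify_online(self, gw_id, region, load, now):
        """Claim 3: periodic notification carrying region address and load state."""
        if gw_id in self.servers:                # ignore unregistered senders
            self.online[gw_id] = (region, load, now)

    def pick_server_gateway(self, client_region, now):
        """Claim 2: rank by regional distance and load (weights are assumed)."""
        live = {g: (r, l) for g, (r, l, seen) in self.online.items()
                if now - seen <= STALE_AFTER}
        if not live:
            return None
        return min(live, key=lambda g: (abs(live[g][0] - client_region)
                                        + 10 * live[g][1], g))

    def handle_access(self, client_gw_id, client_addr, request, client_region, now):
        """Claim 1: fail closed unless the client gateway is registered."""
        if client_gw_id not in self.clients:
            return None
        target = self.pick_server_gateway(client_region, now)
        if target is None:
            return None
        return {"to": target, "request": request, "client_gw_addr": client_addr}

def client_accepts_link(link_request, registered_servers):
    """Claim 6: the client gateway checks the link requester against the registry."""
    return link_request.get("from") in registered_servers

if __name__ == "__main__":
    srv = AuthServer()                           # constructed sample gateways below
    srv.register("cgw-1", enroll_tag("cgw-1"), "client")
    srv.register("sgw-a", enroll_tag("sgw-a"), "server")
    srv.notify_online("sgw-a", region=1, load=0.2, now=100.0)
    print(srv.handle_access("cgw-1", "198.51.100.7:443", {"resource": "app"}, 1, 105.0))
```

Every rejection path returns `None` rather than a reason, so an unregistered gateway learns nothing about which server gateways exist.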
CN202111406971.2A 2021-11-24 2021-11-24 Terminal access method and device, electronic equipment and storage medium Active CN114143056B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111406971.2A CN114143056B (en) 2021-11-24 2021-11-24 Terminal access method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114143056A CN114143056A (en) 2022-03-04
CN114143056B CN114143056B (en) 2024-04-05

Family

ID=80391563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111406971.2A Active CN114143056B (en) 2021-11-24 2021-11-24 Terminal access method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114143056B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546552A (en) * 2010-12-24 2012-07-04 中国联合网络通信集团有限公司 Authentication method, equipment and system
CN107040513A (en) * 2016-06-30 2017-08-11 北京动石科技有限公司 A kind of credible access registrar processing method, user terminal and service end
CN107493280A (en) * 2017-08-15 2017-12-19 中国联合网络通信集团有限公司 Method, intelligent gateway and the certificate server of user authentication
CN109309684A (en) * 2018-10-30 2019-02-05 红芯时代(北京)科技有限公司 A kind of business access method, apparatus, terminal, server and storage medium
CN110177096A (en) * 2019-05-24 2019-08-27 网易(杭州)网络有限公司 Client certificate method, apparatus, medium and calculating equipment
CN110611643A (en) * 2018-06-15 2019-12-24 上海仪电(集团)有限公司中央研究院 Cloud pipe end data security interaction system and method based on intelligent gateway
CN111245873A (en) * 2018-11-28 2020-06-05 北京京东尚科信息技术有限公司 Service degradation method, device, equipment and storage medium
CN111416826A (en) * 2020-03-24 2020-07-14 江苏易安联网络技术有限公司 System and method for safely releasing and accessing application service
CN111490993A (en) * 2020-04-13 2020-08-04 江苏易安联网络技术有限公司 Application access control security system and method
CN111741091A (en) * 2020-06-11 2020-10-02 无锡华云数据技术服务有限公司 Method and device for hiding IP and port number of NoVNC server and electronic equipment
CN111917714A (en) * 2020-06-18 2020-11-10 云南电网有限责任公司信息中心 Zero trust architecture system and use method thereof
CN111934840A (en) * 2020-06-29 2020-11-13 北京百度网讯科技有限公司 Communication method of client and server, gateway, electronic equipment and storage medium
CN113055367A (en) * 2021-03-08 2021-06-29 浪潮云信息技术股份公司 Method and system for realizing micro-service gateway authentication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8813218B2 (en) * 2012-02-14 2014-08-19 Janus Technologies, Inc. Security-enhanced computer systems and methods
US20170331821A1 (en) * 2016-05-16 2017-11-16 4Mt Sa Secure gateway system and method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Research on "zero trust" security technology in cloud-based services; 杨正权; 靳明星; 张晓东; 信息安全与通信保密; 20200310(03) *
Yuan Zhou; Le Yu; Mingshan Liu; Xiaokun Li. "4G client remotely monitors the equipment of PROFIBUS-DP field bus based on cloud server and Android system". 2017 3rd IEEE International Conference on Computer and Communications (ICCC). 2018, entire document. *
Design and research of a zero-trust security architecture; 尚可龙; 古强; 保密科学技术; 20200520(05) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant