CN114499922A - Intelligent zero-trust dynamic authorization method - Google Patents


Info

Publication number
CN114499922A
Authority
CN
China
Prior art keywords
security
authorization
dynamic
user
policy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111438785.7A
Other languages
Chinese (zh)
Inventor
盛湘新
张玉哲
胡晓桐
贾斌
张新莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Datang Corp Science and Technology Research Institute Co Ltd
Original Assignee
China Datang Corp Science and Technology Research Institute Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to an intelligent zero-trust dynamic authorization method comprising the following steps: measuring the network security of the terminal; measuring the network security of the user; measuring the security of the external environment; forming a subject attribute library, an object attribute library and a security policy library using the ABAC (attribute-based access control) method combined with internal security management policies and rules; based on the terminal security measurement, the user security measurement, the external environment security measurement and the security policy library, and combined with a dynamic security policy authorization calculation model, performing an authorization policy calculation for each access by a user to a resource to obtain a dynamic network security policy authorization calculation result; generating a single-access dynamic authorization list for the subject accessing the object from that result; and dynamically executing the authorization. The invention dynamically calculates security policy authorization from the security values of the user, the terminal device, the external environment and so on while providing user access to resources in a zero-trust architecture, and provides a supporting technology for zero-trust access.

Description

Intelligent zero-trust dynamic authorization method
Technical Field
The invention relates to the technical field of network security, in particular to an intelligent zero-trust dynamic authorization method.
Background
Network security has developed for over 40 years, and dozens of protection technologies, from the earliest firewalls and anti-virus products onward, are available to build an enterprise protection system. However, these 40-plus years of development have not produced new ideas or improvements to the underlying security architecture and concept. The current protection system takes the network boundary as its core and defence in depth as its means. Because implicit trust is a risk and the TCP/IP protocol suite has inherent defects, traditional protection technology falls short in new environments such as cloud computing, big data, artificial intelligence, 5G and IoT, and cannot at present offer enterprises a more reliable protection technology and framework.
Forrester formally proposed "Zero Trust" (ZT) in 2010. Through a decade of exploration the theory and practice of zero trust have been refined continuously, and the concept has gradually become a mainstream network security architecture. Its security tenets are: 1) the network is always assumed to be in a hostile environment; 2) external and internal threats exist in the network at all times; 3) network location is not sufficient to determine the trustworthiness of the network; 4) all devices, users and network traffic should be authenticated and authorized; 5) security policy must be dynamic. These tenets give a clear direction for the development of zero-trust technology.
At present zero trust has become the mainstream network security protection architecture and idea worldwide, and governments, armed forces and enterprises are all investing substantial manpower and funds to upgrade their internal network protection to zero trust and raise their protection level. The zero-trust concept of 'never trust, always verify' is widely accepted; at the same time the traditional protection architecture is being improved on the basis of the zero-trust concept, which better addresses the current shortcomings of traditional protection technology and provides a safer security guarantee for the new information environment. Industry best practices and standards for implementing a zero-trust architecture include the SDP specification 2.0 issued by the CSA, the "Zero Trust Architecture (ZTA)" white paper issued by NIST (the U.S. National Institute of Standards and Technology), and Google's BeyondCorp project. All of these place explicit requirements on dynamic access policies. Relative to traditional network security protection technology, dynamic security policy authorization is a brand-new technology and concept, and it challenges the zero-trust protection efforts of every enterprise.
Disclosure of Invention
The invention aims to provide an intelligent zero-trust dynamic authorization method, which is used for dynamically calculating security policy authorization based on security values of a user, terminal equipment, an external environment and the like in the process of providing the user access to resources in a zero-trust architecture and providing a support technology for zero-trust access.
The invention provides an intelligent zero-trust dynamic authorization method, which comprises the following steps:
step 1, measuring the network security of the terminal: terminal security current situation data including terminal security compliance data, terminal vulnerability data, terminal fingerprints and configuration data are automatically acquired, analyzed and calculated through a terminal agent, and a terminal security value is acquired according to a data calculation and evaluation method;
step 2, measuring the network security of the user: obtaining a user security value through calculation and evaluation based on the user information; the user information comprises a user password, authentication information, user behavior information and network information of a user;
step 3, measuring the security of the external environment: based on network security data, combined with the current state of the environment, an external environment security value is obtained through analysis and calculation; the network security data is provided by network security risk perception, network security threat intelligence and the network security operation and maintenance management platform;
step 4, forming a subject attribute library, an object attribute library and a security policy library by using an ABAC attribute access control method and combining internal security management policies and rules, wherein the subject attribute library, the object attribute library and the security policy library are used for network security authorization and access control;
step 5, based on the user terminal security measurement, the user network security measurement, the external environment security measurement and the security policy library, combining with the dynamic security policy authorization calculation model, performing authorization policy calculation on each access behavior of the user to access the resource to obtain a dynamic network security policy authorization calculation result;
step 6, generating a dynamic authorization list of the subject accessing the object once based on the dynamic network security policy authorization calculation result of the dynamic security policy authorization calculation model;
step 7, executing the security authorization for accessing the object network using the dynamic authorization list, so that the corresponding object resource or system is accessed.
Further, the subject attribute library in step 4 is used for subject attribute management, including attribute management of people, applications and NPEs, wherein the attributes include organization, position, responsibility, account number and equipment information;
the object attribute library is used for object attribute management, and the object attributes are attributes of the various accessed resources, comprising the application system, IP address, time, security level, and data classification and grading;
the security policy library is a rule set formed according to subject attributes, object attributes and management requirements.
Further, the dynamic security policy authorization calculation model in step 5 adopts a network security risk calculation method to perform security calculation on each user, terminal and external environment, and performs dynamic adjustment of security policy authorization by combining with access policy rules in a security policy library to obtain a dynamic network security policy authorization calculation result.
Further, the step 7 includes:
establishing a dynamic security policy PEP (policy enforcement point) using the dynamic authorization list, and executing the user's single authorization policy through the PEP so that the corresponding object service access activity can proceed.
By means of the scheme, the intelligent zero-trust dynamic authorization method can dynamically calculate the security policy authorization based on the security values of the user, the terminal equipment, the external environment and the like in the process of providing the user access to the resources in the zero-trust architecture, and provides a support technology for the zero-trust access.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood and to implement them in accordance with the contents of the description, the following detailed description is given with reference to the preferred embodiments of the present invention and the accompanying drawings.
Drawings
FIG. 1 is a flow chart of the intelligent zero trust dynamic authorization method of the present invention;
FIG. 2 is a flow diagram illustrating calculation of a user single-access security value in one embodiment of the present invention;
FIG. 3 is an ABAC attribute access control diagram in one embodiment of the invention;
FIG. 4 is a diagram of dynamic security authorization in one embodiment of the invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Referring to FIG. 1, the embodiment provides an intelligent zero-trust dynamic authorization method that realizes zero-trust dynamic authorization on the basis of multidimensional network security metric calculation. It follows the zero-trust concept of "continuous evaluation and dynamic authorization" and forms a set of dynamic authorization models and mechanisms within a zero-trust architecture using security evaluation technology, UEBA (user and entity behaviour analytics) and ABAC (attribute-based access control), so as to solve the problem of dynamic authorization in the zero-trust architecture.
The method is based on the ABAC technology, takes a terminal, a user, a network and resources as elements, adopts the ABAC attribute-based access control technology to form a subject attribute library, an object attribute library and an environment attribute library, and carries out dynamic security policy authorization. In order to deeply implement zero trust dynamic security assessment and authorization requirements, security assessment and measurement are performed on a terminal, a user, a network, behaviors and the like in environment attributes to form a user trusted value, a terminal trusted value and an environment trusted value, calculation is performed through a security calculation model, dynamic adjustment is performed on security access authorization rules by using calculation results, and dynamic policy authorization and execution of each access are realized. The method specifically comprises the following steps:
step 1, measuring the network security of the terminal: terminal security current data including terminal security compliance data, terminal vulnerability data, terminal fingerprints and configuration data are automatically acquired, analyzed and calculated through a terminal agent, and a terminal security value is acquired according to a data calculation and evaluation method.
Step 2, measuring the network security of the user: obtaining a user security value through calculation and evaluation based on the user information; the user information includes the user's password and authentication information, user behaviour information and network information, for example user access authentication such as MFA (multi-factor authentication) information, user behaviour information, user management information and the like.
Step 3, measuring the security of the external environment: based on network security data, combined with the current state of the environment, an external environment security value is obtained through analysis and calculation and provides input for the credibility measurement of network security; the network security data is provided by network security risk perception, network security threat intelligence and the network security operation and maintenance management platform.
Steps 1 to 3 provide the security data for dynamic security policy evaluation by measuring each element participating in the zero-trust access control activity and calculating the security value of the user's single access from a security calculation model (as shown in FIG. 2).
Step 4, forming a subject attribute library, an object attribute library and a security policy library using the ABAC attribute access control method combined with internal security management policies and rules, wherein the subject attribute library, the object attribute library and the security policy library are used for network security authorization and access control.
By using ABAC combined with the internal security management policies and rules (enterprise governance, management systems, security management requirements and so on), attribute-based security policy authorization rules are formed and security authorization and access control are automated (as shown in FIG. 3). This addresses the insufficient access and authorization control of traditional ACLs (access control lists) or UBAC (user-based access control), and at the same time establishes a basic security policy library for dynamic security policy authorization.
Step 5, performing an authorization policy calculation for each access by the user to a resource, based on the terminal security measurement, the user security measurement, the external environment security measurement and the security policy library combined with the dynamic security policy authorization calculation model, to obtain a dynamic network security policy authorization calculation result. As shown in FIG. 4, the single-access authorization policy for the subject to access the object is calculated for each access from the subject's single-access security value, the security policy library and the dynamic security policy authorization calculation model.
Step 6, dynamic authorization policy: generating a single-access dynamic authorization list for the subject accessing the object, based on the calculation result of the dynamic security policy authorization calculation model; the subject may access the corresponding object on the basis of this authorization.
Step 7, executing the security authorization for accessing the object network using the dynamic authorization list, so that the corresponding object resource or system is accessed.
Specifically, the subject attribute library in step 4 is used for subject attribute management, including attribute management of people, applications and NPEs (non-person entities, such as the physical devices used when a subject initiates an access request to an object), where the attributes include organization, position, responsibility, account, device information and the like;
the object attribute library is used for object attribute management, and the object attributes are attributes of the various accessed resources, including the application system, IP address, time, security level, data classification and grading, and the like;
the security policy library is a rule set formed according to subject attributes, object attributes and management requirements. The policy rules of the subject accessing the object are formed based on the internal management requirements of the enterprise (enterprise governance, management organization and management, enterprise management system, enterprise security management system, business and process requirements and the like), for example, the subject is a person in the department of human resources and can access the object human resource management system. When the subject accesses the object, the specific access policy rules are automatically obtained based on the respective attributes, and attribute-based policy authorization is realized.
Specifically, the dynamic security policy authorization calculation model in step 5 performs security calculation on each user, terminal, and external environment by using a network security risk calculation method, and performs dynamic adjustment of security policy authorization by combining with access policy rules in a security policy library formed by using the ABAC technology, so as to obtain a dynamic network security policy authorization calculation result.
Specifically, the step 7 includes:
establishing a dynamic security policy PEP (policy enforcement point) using the dynamic authorization list, and executing the user's single authorization policy through the PEP to initiate the corresponding object service access activity (that is, allowing the user to initiate the single corresponding access).
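The subject attribute library, object attribute library and security policy library of step 4, worked through in Python as an added example (this is not code from the patent). The subject attributes (organization, position, responsibility, account, device) and object attributes (application system, IP address, time, security level, data classification) follow the page; the rule format, the first-match-wins evaluation with a deny rule placed first, the time-window check on the object's time attribute, and all sample subjects, objects and rules are assumptions made here for illustration.

```python
"""ABAC attribute libraries and security policy library (added example).

Subject and object attribute names follow the patent text.  The Rule format,
the evaluation order (first matching rule wins, default deny), the
access-hours check and every sample value below are constructed for this
example and are not taken from the patent.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Subject:
    account: str
    organization: str
    position: str
    responsibility: str
    device_id: str


@dataclass(frozen=True)
class Obj:
    """The patent's 'object': an accessed resource and its attributes."""
    system: str
    ip: str
    security_level: int                       # 1..4, 4 being the most sensitive
    classification: str
    access_hours: Tuple[int, int] = (0, 24)   # 'time' attribute: allowed [start, end) hour


@dataclass(frozen=True)
class Rule:
    name: str
    subject_match: Dict[str, str]   # subject attribute -> required value
    object_match: Dict[str, str]    # object attribute -> required value
    effect: str = "permit"          # "permit" or "deny"


def _matches(required, entity):
    """All required attribute values must be present on the entity."""
    return all(getattr(entity, attr) == value for attr, value in required.items())


def evaluate(subject, obj, policy_library, hour):
    """Attribute-based decision: outside the object's hours is deny, otherwise
    the first rule whose subject and object patterns both match decides;
    no matching rule means deny."""
    start, end = obj.access_hours
    if not start <= hour < end:
        return "deny"
    for rule in policy_library:
        if _matches(rule.subject_match, subject) and _matches(rule.object_match, obj):
            return rule.effect
    return "deny"


def attribute_authorized_systems(subject, object_library, policy_library, hour):
    """Systems the attribute rules permit this subject to reach at this hour."""
    return sorted(o.system for o in object_library
                  if evaluate(subject, o, policy_library, hour) == "permit")


# Constructed sample object library (assumed values).
OBJECT_LIBRARY = [
    Obj("HRMS", "10.0.1.10", 4, "personal-data", access_hours=(8, 18)),
    Obj("CRM", "10.0.2.20", 4, "customer-data"),
    Obj("OA", "10.0.3.30", 3, "internal"),
]

# Constructed sample policy library: a deny rule is listed first so that it
# overrides the broader permit rules that follow.
POLICY_LIBRARY = [
    Rule("no-contractor-personal-data", {"position": "contractor"},
         {"classification": "personal-data"}, effect="deny"),
    Rule("hr-to-hrms", {"organization": "HR"}, {"system": "HRMS"}),
    Rule("sales-to-crm", {"organization": "Sales"}, {"system": "CRM"}),
    Rule("everyone-to-oa", {}, {"system": "OA"}),
]

# Constructed sample subjects (assumed values).
HR_STAFF = Subject("hr-staff-01", "HR", "staff", "recruiting", "dev-0a1b")
HR_CONTRACTOR = Subject("hr-contractor-01", "HR", "contractor", "recruiting", "dev-0c2d")

if __name__ == "__main__":
    print(attribute_authorized_systems(HR_STAFF, OBJECT_LIBRARY, POLICY_LIBRARY, hour=10))
    print(attribute_authorized_systems(HR_CONTRACTOR, OBJECT_LIBRARY, POLICY_LIBRARY, hour=10))
```

The ordering of the policy library matters: because evaluation stops at the first matching rule, a deny rule must precede the permit rules it is meant to override, which is the usual way an ABAC rule set expresses "contractors never reach personal data" without enumerating every system.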
The present invention will be described in further detail with reference to specific examples.
A zero-trust-based dynamic authorization algorithm implementation method comprises the following steps:
1. Following the zero-trust security concept of 'never trust, always verify', perform network security credibility measurement and evaluation of the subject during the service access process (the credibility measurement and evaluation refer to GB/T 20984, Information security risk assessment specification). The measurement covers the terminal, the user and the environment. Wherein:
The terminal network security credibility measurement combines qualitative and quantitative methods. Security data such as terminal security compliance, terminal vulnerabilities and terminal fingerprint management are collected through the terminal agent program and calculated comprehensively. The formula is:
Ts = MAX(G{g1, g2, g3 … gx}, V{v1, v2, v3 … vx}, Y{0|2})
where G is the terminal security compliance value and each g is an individual compliance item, for example g1 antivirus software and g2 terminal firewall, with g1, g2, g3 and so on each assigned a security value in {0-5}; V is the vulnerability value, each item assigned {0-5}; and Y is fingerprint management, 0 meaning the terminal is fingerprint-managed and 2 meaning it is not. Example:
Data acquired and analysed by the terminal agent: terminal compliance, e.g. no anti-virus software installed (non-compliant, value 4), firewall enabled (compliant, value 0), FTP service enabled (non-compliant, value 3); vulnerability analysis, e.g. patches not updated (vulnerability, value 5), TCP 3389 vulnerability present (vulnerability, value 4), TCP 138 vulnerability present (vulnerability, value 3), information leakage present (vulnerability, value 1), SNMP configuration vulnerability (vulnerability, value 2); the terminal is fingerprint-managed (value 0). The result is:
Ts = MAX(G{g1=4, g2=0, g3=3}, V{v1=5, v2=4, v3=3, v4=1, v5=2}, Y{0})
Ts = MAX(G=4, V=5, Y=0)
Ts = 5
The user security credibility measurement is computed from user authentication, user behaviour, user network location and similar information; the formula is:
Us = MAX(A{a1|a2|a3|a4}, E{e1, e2, e3 … ex}, L{l1|l2|l3|l4})
where A is user authentication: a1 not successfully authenticated (value 5), a2 account and password authentication (value 3), a3 OTP (one-time password) authentication (value 2), a4 MFA (multi-factor authentication) (value 0); E is user behaviour analysis, such as user login frequency, user access time, user downloads, user transaction frequency and user event frequency, each item assigned 1-5 from the evaluation result; L is network location, classed as l1 proprietary network, l2 intranet, l3 extranet and l4 internet. An example of the calculation:
Us = MAX(A{a2=3}, E{e1=3, e2=3, e3=1, e4=4, e5=2}, L{l1=0})
Us = MAX(A=3, E=4, L=0)
Us = 4
The external environment security measurement is optional, because the network security environment differs between enterprises: an enterprise with a mature network security protection system has abundant external environment measurement data, while one with fewer technical measures has relatively little. The credibility measurement for this element is therefore introduced and used according to the specific enterprise. To simplify the external environment measurement and calculation, it is suggested to adopt the enterprise's existing mature risk assessment technology and import the corresponding network security data, as follows:
Cs = MAX{c1, c2, c3, c4 … cx}
where each c is security data provided by an external-environment security system, such as a situation awareness platform or threat intelligence, given a security value of 1-5.
The subject security value is then calculated from the terminal network security credibility measurement value, the user security credibility measurement value and the external environment security value:
S = Ts + Us + Cs
The maximum subject security value is 15 and the minimum is 1.
2. Establish a dynamic security authorization policy mechanism using ABAC, providing an ACM (access control mechanism) for zero-trust dynamic security authorization; this includes subject attributes, object attributes and security policy rules.
Subject attributes, exemplified by the following table:
(table of example subject attributes; shown only as an image in the original and not reproduced here)
Object attributes, exemplified by the following table:
(table of example object attributes; shown only as an image in the original and not reproduced here)
According to the management system and requirements within the enterprise, the security access policy rules of subject and object are matched automatically to form an ABAC-based security access authorization rule base, for example:
(table of example security access authorization rules; shown only as an image in the original and not reproduced here)
3. In the analysis of the dynamic security authorization of each access under the zero-trust architecture, the dynamic security policy authorization calculation model is used to calculate each access policy, exemplified as follows:
(table of the example dynamic security policy authorization calculation; shown only as an image in the original and not reproduced here)
That is:
S is the subject security value, with range 1-15.
1 < S < 3: may access systems with authorization security level four;
4 <= S <= 7: may access systems with authorization security level three;
8 <= S <= 11: may access systems with authorization security level two;
12 <= S <= 15: may access systems with authorization security level one.
In the dynamic policy authorization calculation, suppose that under the attribute access policy rules Zhang San may access the CRM system and the OA system, that the security level of the CRM system is four and that of the OA system is three, and that Zhang San's S value is 7. After the dynamic policy calculation, Zhang San can access only the OA system and not the CRM system. Dynamic security-based authorization is thus achieved.
4. Obtain the dynamic security policy authorization list of the subject accessing the object through the dynamic security policy calculation model.
5. When the subject accesses the object, the dynamic security authorization policy (as shown in FIG. 4) is executed through the PEP (policy enforcement point), realizing dynamic authorization.
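The measurement formulas of step 1, the S-band table of step 3 and the single-access list and PEP enforcement of steps 4 and 5, worked through in Python as an added example that is not the patent's own code. The a1..a4 authentication values, the 0-5 item scales, the Y{0|2} fingerprint flag, the S bands and the Zhang San numbers (Ts = 5, Us = 4, S = 7, CRM level four, OA level three) come from the page; the scores given to network locations other than the proprietary network, the default used when no environment feed is available, and the one-shot consumption of each grant by the PEP are assumptions made here. The set of systems the attribute rules permit is taken as an input, since it would come from the ABAC policy library.

```python
"""Dynamic security policy authorization calculation (added example).

Implements, in the page's notation:
    Ts = MAX(G{g1..gx}, V{v1..vx}, Y{0|2})
    Us = MAX(A{a1|a2|a3|a4}, E{e1..ex}, L{l1|l2|l3|l4})
    Cs = MAX{c1..cx}
    S  = Ts + Us + Cs            (1 <= S <= 15)
and the S-band -> authorization security level table, then derives the
subject's single-access authorization list and enforces it once via a PEP.
Assumed, not from the page: LOCATION_VALUES other than the proprietary
network, the default Cs when no feed exists, and one-shot grant consumption.
"""

# a1..a4 user-authentication values from the page
AUTH_VALUES = {"none": 5, "password": 3, "otp": 2, "mfa": 0}

# l1 = proprietary network (0) is from the page's example; the rest are assumed
LOCATION_VALUES = {"proprietary": 0, "intranet": 1, "extranet": 3, "internet": 5}


def terminal_security_value(compliance, vulnerabilities, fingerprint_managed):
    """Ts = MAX(G, V, Y): worst compliance item, worst vulnerability, fingerprint flag."""
    g = max(compliance.values(), default=0)        # compliance items scored 0-5
    v = max(vulnerabilities.values(), default=0)   # vulnerability items scored 0-5
    y = 0 if fingerprint_managed else 2            # Y{0|2}
    return max(g, v, y)


def user_security_value(auth_method, behaviour_scores, location):
    """Us = MAX(A, E, L)."""
    a = AUTH_VALUES[auth_method]
    e = max(behaviour_scores.values(), default=0)  # UEBA items scored 1-5
    l = LOCATION_VALUES[location]
    return max(a, e, l)


def environment_security_value(feeds):
    """Cs = MAX{c1..cx}; the measurement is optional, so an empty feed set
    yields the minimum of the page's 1-5 scale (assumption)."""
    return max(feeds.values(), default=1)


def subject_security_value(ts, us, cs):
    """S = Ts + Us + Cs, bounded to 1..15 as the page states."""
    s = ts + us + cs
    if not 1 <= s <= 15:
        raise ValueError(f"subject security value {s} outside 1..15")
    return s


def max_accessible_level(s):
    """S band -> highest authorization security level reachable
    (level four is the most sensitive, level one the least)."""
    if 1 <= s <= 3:
        return 4
    if 4 <= s <= 7:
        return 3
    if 8 <= s <= 11:
        return 2
    if 12 <= s <= 15:
        return 1
    raise ValueError(f"subject security value {s} outside 1..15")


def dynamic_authorization_list(s, attribute_permitted):
    """Single-access authorization list: systems the attribute rules already
    permit (mapping system -> security level), kept only if their level is
    within what the current security value allows."""
    level = max_accessible_level(s)
    return sorted(system for system, sys_level in attribute_permitted.items()
                  if sys_level <= level)


class PolicyEnforcementPoint:
    """Holds per-subject one-shot grants; each grant is consumed by a single access."""

    def __init__(self):
        self._grants = {}

    def issue(self, account, s, attribute_permitted):
        grants = dynamic_authorization_list(s, attribute_permitted)
        self._grants[account] = set(grants)
        return grants

    def enforce(self, account, system):
        """True (and the grant is consumed) only if this single access is authorized."""
        allowed = self._grants.get(account, set())
        if system in allowed:
            allowed.discard(system)
            return True
        return False


def worked_example():
    """The page's numbers: terminal example -> Ts = 5, user example -> Us = 4;
    Zhang San is assumed to have S = 7 with CRM at level four and OA at level three."""
    ts = terminal_security_value(
        compliance={"antivirus_missing": 4, "firewall_on": 0, "ftp_enabled": 3},
        vulnerabilities={"patch_missing": 5, "tcp3389": 4, "tcp138": 3,
                         "info_leak": 1, "snmp_config": 2},
        fingerprint_managed=True)
    us = user_security_value("password",
                             {"e1": 3, "e2": 3, "e3": 1, "e4": 4, "e5": 2},
                             "proprietary")
    pep = PolicyEnforcementPoint()
    grants = pep.issue("zhangsan", 7, {"CRM": 4, "OA": 3})
    first_oa = pep.enforce("zhangsan", "OA")     # authorized, grant consumed
    second_oa = pep.enforce("zhangsan", "OA")    # a second access needs a new calculation
    crm = pep.enforce("zhangsan", "CRM")         # level four is above the S = 7 band
    return ts, us, grants, first_oa, second_oa, crm


if __name__ == "__main__":
    print(worked_example())
```

The point of the one-shot grant is the page's "single access" wording: every access goes back through the calculation, so a terminal that loses its fingerprint management or a user whose behaviour score rises between two requests is re-evaluated rather than riding on an earlier decision.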
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, it should be noted that, for those skilled in the art, many modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (4)

1. An intelligent zero-trust dynamic authorization method is characterized by comprising the following steps:
step 1, measuring the network security of the terminal: terminal security current situation data including terminal security compliance data, terminal vulnerability data, terminal fingerprints and configuration data are automatically acquired, analyzed and calculated through a terminal agent, and a terminal security value is acquired according to a data calculation and evaluation method;
step 2, measuring the network security of the user: obtaining a user security value through calculation and evaluation based on the user information; the user information comprises a user password, authentication information, user behavior information and network information of a user;
step 3, measuring the security of the external environment: based on network security data, combined with the current state of the environment, an external environment security value is obtained through analysis and calculation; the network security data is provided by network security risk perception, network security threat intelligence and the network security operation and maintenance management platform;
step 4, forming a subject attribute library, an object attribute library and a security policy library by using an ABAC attribute access control method and combining internal security management policies and rules, wherein the subject attribute library, the object attribute library and the security policy library are used for network security authorization and access control;
step 5, based on the user terminal security measurement, the user network security measurement, the external environment security measurement and the security policy library, combining with the dynamic security policy authorization calculation model, performing authorization policy calculation on each access behavior of the user to access the resource to obtain a dynamic network security policy authorization calculation result;
step 6, generating a dynamic authorization list of the subject accessing the object once based on the dynamic network security policy authorization calculation result of the dynamic security policy authorization calculation model;
step 7, executing the security authorization for accessing the object network using the dynamic authorization list, so that the corresponding object resource or system is accessed.
2. The intelligent zero-trust dynamic authorization method of claim 1, wherein the subject attribute library in step 4 is used for subject attribute management, including attribute management of people, applications, and NPEs, wherein the attributes include organization, position, responsibility, account number, and device information;
the object attribute library is used for object attribute management, and the object attributes are attributes of the various accessed resources, comprising the application system, IP address, time, security level, and data classification and grading;
the security policy library is a rule set formed according to subject attributes, object attributes and management requirements.
3. The intelligent zero-trust dynamic authorization method of claim 1, wherein the dynamic security policy authorization calculation model in step 5 adopts a network security risk calculation method to perform security calculation on each user, terminal and external environment, and performs dynamic adjustment of security policy authorization in combination with access policy rules in a security policy library to obtain a dynamic network security policy authorization calculation result.
4. The intelligent zero trust dynamic authorization method of claim 4, wherein the step 7 comprises:
and establishing a dynamic security policy PEP by using the dynamic authorization list, and executing a user single authorization policy through the PEP to develop corresponding object service access activities.
CN202111438785.7A 2021-11-30 2021-11-30 Intelligent zero-trust dynamic authorization method Pending CN114499922A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111438785.7A CN114499922A (en) 2021-11-30 2021-11-30 Intelligent zero-trust dynamic authorization method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111438785.7A CN114499922A (en) 2021-11-30 2021-11-30 Intelligent zero-trust dynamic authorization method

Publications (1)

Publication Number Publication Date
CN114499922A true CN114499922A (en) 2022-05-13

Family

ID=81492309

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111438785.7A Pending CN114499922A (en) 2021-11-30 2021-11-30 Intelligent zero-trust dynamic authorization method

Country Status (1)

Country Link
CN (1) CN114499922A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116319026A (en) * 2023-03-23 2023-06-23 北京神州泰岳软件股份有限公司 Trust assessment method and device in zero-trust architecture and electronic equipment
WO2024027328A1 (en) * 2022-08-05 2024-02-08 盈适慧众(上海)信息咨询合伙企业(有限合伙) Data processing method based on zero-trust data access control system


Similar Documents

Publication Publication Date Title
US8713672B2 (en) Method and apparatus for token-based context caching
US8789162B2 (en) Method and apparatus for making token-based access decisions
US9069943B2 (en) Method and apparatus for token-based tamper detection
US8950002B2 (en) Method and apparatus for token-based access of related resources
US9055053B2 (en) Method and apparatus for token-based combining of risk ratings
US8539558B2 (en) Method and apparatus for token-based token termination
CN113536258A (en) Terminal access control method and device, storage medium and electronic equipment
Yao et al. Dynamic access control and authorization system based on zero-trust architecture
CN111953679A (en) Intranet user behavior measurement method and network access control method based on zero trust
US20130047254A1 (en) Method and apparatus for token-based transaction tagging
CN111917714B (en) Zero trust architecture system and use method thereof
US8732814B2 (en) Method and apparatus for token-based packet prioritization
US9253197B2 (en) Method and apparatus for token-based real-time risk updating
US20150121532A1 (en) Systems and methods for defending against cyber attacks at the software level
KR20160111940A (en) System and method for biometric protocol standards
CN114499922A (en) Intelligent zero-trust dynamic authorization method
CN111131176B (en) Resource access control method, device, equipment and storage medium
US8726361B2 (en) Method and apparatus for token-based attribute abstraction
CN110061987A (en) A kind of access control method and device of based role and trusted end-user
US20130047214A1 (en) Method and apparatus for token-based combining of authentication methods
Xiaopeng et al. A zero trust method based on BLP and BIBA model
CN115086075A (en) Mandatory access control method and device with credible behaviors
US8752143B2 (en) Method and apparatus for token-based reassignment of privileges
CN116170199A (en) Equipment access verification system based on gateway of Internet of things
CN116089970A (en) Power distribution operation and maintenance user dynamic access control system and method based on identity management

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination