CN114598471A - Single-packet authorization seed distribution method and device for connecting initiating host to controller - Google Patents

Single-packet authorization seed distribution method and device for connecting initiating host to controller

Info

Publication number: CN114598471A
Authority: CN (China)
Prior art keywords: seeds, authentication, controller, user, seed
Legal status: Pending (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202210272458.7A
Other languages: Chinese (zh)
Inventors: 李校慧, 汪海, 孟庆森
Current assignee: BEIJING LEADSEC TECHNOLOGY CO LTD; Beijing Venustech Cybervision Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: BEIJING LEADSEC TECHNOLOGY CO LTD; Beijing Venustech Cybervision Co ltd
Priority date: 2022-03-18 (the priority date is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2022-03-18
Publication date: 2022-06-07
Application filed by BEIJING LEADSEC TECHNOLOGY CO LTD and Beijing Venustech Cybervision Co ltd; priority to CN202210272458.7A; published as CN114598471A.

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                    • H04L9/0869 Generation of secret information involving random numbers or seeds
            • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                • H04L9/321 Verification involving a third party or a trusted authority
                    • H04L9/3213 Verification involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
                • H04L9/3215 Verification using a plurality of channels
                • H04L9/3226 Verification using a predetermined code, e.g. password, passphrase or PIN
                • H04L9/3263 Verification involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
                    • H04L9/3268 Verification involving certificates using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/06 Network security protocols for supporting key management in a packet data network
            • H04L63/08 Network security protocols for authentication of entities
                • H04L63/0807 Authentication of entities using tickets, e.g. Kerberos
                • H04L63/0823 Authentication of entities using certificates
                • H04L63/083 Authentication of entities using passwords
            • H04L63/18 Network security protocols using different networks or channels, e.g. using out of band channels
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS > Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
        • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
            • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The present disclosure provides a single packet authorization (SPA) seed distribution device and method. An address fence module restricts the range of user addresses from which the controller may be reached for automatic seed distribution; an authentication module verifies the identity of the user requesting access to the controller; and an automatic seed distribution module generates and distributes seeds and shared keys, binding them to the user's terminal so that different terminals hold different seeds and keys. Seeds are thus generated and distributed automatically, sparing administrators from distributing them one by one, while the address fence, identity authentication, dynamic generation and per-terminal keys improve the security of the distribution process.

Description

Single-packet authorization seed distribution method and device for connecting initiating host to controller
Technical Field
The invention relates to the technical field of data communication, and in particular to a method and a device for distributing single packet authorization (SPA) seeds.
Background
In the software-defined perimeter (SDP) architecture, a connection between the initiating host (IH) and the controller, between the accepting host (AH) and the controller, or between IH and AH may only be established after single packet authorization (SPA). SPA is based on the HOTP standard of RFC 4226 and relies on a seed shared between the two parties, so distributing that seed becomes the problem. The common approach for IH-to-controller SPA is a static seed: every user authenticates with the same seed, and once an unauthorized party obtains it, SPA protects nothing and exists in name only. Having administrators hand out seeds to users one by one instead costs a great deal of time and effort and raises the operation and maintenance cost.
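As an added illustration (not the patent's code and not any SDP product's), the following Python shows what the shared-seed authentication in the paragraph above amounts to: an RFC 4226 HOTP value carried in a single packet, checked by the controller against the seed it holds for that terminal, and why a static seed shared by all users makes the check nominal once it leaks. The packet layout, the look-ahead window and the terminal identifiers are assumptions; only hotp() follows the RFC.

```python
"""RFC 4226 HOTP and a minimal single packet authorization (SPA) check.

Added example, not code from the patent or from any SDP product. The packet
layout, the look-ahead window and the terminal identifiers are assumptions
made for the illustration; only hotp() is the RFC 4226 algorithm.
"""
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def build_spa_packet(terminal_id: str, seed: bytes, counter: int) -> bytes:
    """Assumed layout: 1-byte id length | terminal id | 8-byte counter | 6 ASCII HOTP digits."""
    tid = terminal_id.encode()
    return bytes([len(tid)]) + tid + struct.pack(">Q", counter) + hotp(seed, counter).encode()


class SpaController:
    """Controller side: one seed per terminal, monotonic counter, bounded look-ahead."""

    def __init__(self, look_ahead: int = 5):
        self.seeds = {}          # terminal id -> HOTP seed
        self.last_counter = {}   # terminal id -> last accepted counter
        self.look_ahead = look_ahead

    def bind(self, terminal_id: str, seed: bytes) -> None:
        self.seeds[terminal_id] = seed
        self.last_counter[terminal_id] = -1

    def verify(self, packet: bytes) -> bool:
        """Accept only if the packet names a bound terminal, advances that terminal's
        counter within the window, and carries the HOTP value for that counter."""
        if len(packet) < 1:
            return False
        n = packet[0]
        if len(packet) != 1 + n + 8 + 6:
            return False
        tid = packet[1:1 + n].decode(errors="replace")
        counter = struct.unpack(">Q", packet[1 + n:9 + n])[0]
        code = packet[9 + n:].decode(errors="replace")
        seed = self.seeds.get(tid)
        if seed is None:
            return False                        # unknown terminal: drop silently
        last = self.last_counter[tid]
        if not last < counter <= last + self.look_ahead:
            return False                        # replay, or too far ahead of the window
        if not hmac.compare_digest(hotp(seed, counter), code):
            return False
        self.last_counter[tid] = counter        # consume the counter value
        return True


def demo() -> dict:
    """Contrast per-terminal seeds with the static shared seed the background criticises."""
    seed_a, seed_b = bytes.fromhex("aa" * 20), bytes.fromhex("bb" * 20)   # constructed seeds
    ctrl = SpaController()
    ctrl.bind("term-A", seed_a)
    ctrl.bind("term-B", seed_b)
    pkt = build_spa_packet("term-A", seed_a, 0)
    first = ctrl.verify(pkt)
    replay = ctrl.verify(pkt)
    # An attacker who stole seed_a tries to knock on behalf of term-B.
    cross = ctrl.verify(build_spa_packet("term-B", seed_a, 0))
    # Static-seed deployment: every terminal shares one seed, so one leak covers everyone.
    shared = bytes.fromhex("cc" * 20)
    static = SpaController()
    static.bind("term-A", shared)
    static.bind("term-B", shared)
    static_forgery = static.verify(build_spa_packet("term-B", shared, 0))
    return {
        "first_accepted": first,
        "replay_rejected": not replay,
        "cross_terminal_forgery_rejected": not cross,
        "static_seed_forgery_accepted": static_forgery,
    }


if __name__ == "__main__":
    print(demo())
```

With per-terminal seeds the controller can also revoke one terminal by deleting its binding, which the static design cannot do without re-keying everyone; the patent additionally pairs each seed with a shared key, which a deployment would use to authenticate the rest of the packet.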
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a method and a device for distributing single packet authorization (SPA) authentication seeds for connecting an initiating host IH to a controller, which complete seed distribution automatically while keeping it secure.
The SPA authentication seed distribution method for connecting an initiating host IH to a controller provided by this disclosure comprises the following steps:
setting the range of user addresses from which the controller may be accessed for automatic seed distribution;
performing identity authentication of a user requesting access to the controller;
and for the authenticated user, automatically generating and distributing a seed and a shared key and binding them to the user's terminal, wherein different terminals correspond to different seeds and shared keys.
Further, the step of setting the range of user addresses from which the controller may be accessed for automatic seed distribution specifically includes:
specifying, through configuration, the address range from which users are allowed to access the controller;
and generating the address range from which users are not allowed to access the controller, either from configuration or automatically from observed access behaviour toward the controller.
Further, the identity authentication of a user requesting access to the controller includes, but is not limited to, one or a combination of: password authentication, certificate authentication, SMS (short message) authentication, dynamic token authentication and terminal authentication.
Further, the step of automatically generating and distributing seeds and shared keys and binding them to the user terminal, with different terminals corresponding to different seeds and shared keys, specifically includes:
the initiating host IH computing a unique identifier of the terminal and sending a seed request to the controller;
the controller checking whether the terminal already has a seed bound to it;
and for a terminal with no bound seed, generating the seed and the shared key from a hardware random number generator, establishing a one-to-one binding with the terminal, and responding to the initiating host IH.
Further, the seed and the shared key are encrypted with a Chinese national cryptographic (SM-series) algorithm.
The present disclosure also provides an SPA authentication seed distribution device for connecting an initiating host IH to a controller, comprising an address fence module, an authentication module and an automatic seed distribution module, wherein:
the address fence module is configured to restrict the range of user addresses from which the controller may be accessed for automatic seed distribution;
the authentication module is configured to authenticate the identity of the user requesting access to the controller;
and the automatic seed distribution module is configured to automatically generate and distribute seeds and shared keys for authenticated users and bind them to the user terminals, such that different terminals correspond to different seeds and keys.
Further, the address fence module comprises a blacklist submodule and a whitelist submodule, wherein:
the blacklist submodule holds the user address range that is not allowed to access the controller;
the whitelist submodule holds the user address range that is allowed to access the controller;
and a user address range is expressed as one or more of a single address, an address with mask, and an address segment.
Further, the authentication module supports one or a combination of authentication modes including, but not limited to, password authentication, certificate authentication, SMS authentication, dynamic token authentication and terminal authentication.
Further, the automatic seed distribution module comprises a generation submodule, which generates the seed and the shared key from a hardware random number generator and establishes a one-to-one binding with the terminal.
Further, the automatic seed distribution module also comprises an encryption submodule, which encrypts the seed and the shared key with a Chinese national cryptographic (SM-series) algorithm.
With the SPA seed distribution method and device described, seeds and keys are generated and distributed automatically, sparing the administrator the time and effort of one-by-one distribution and lowering the operation and maintenance cost; at the same time, the address fence, identity authentication, dynamic generation of seeds and keys, and binding to the terminal improve the security of the seed distribution process.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the scope of the disclosure, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of the specification of the disclosure, illustrate exemplary embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of single packet authorization seed distribution from an initiating host IH to a controller;
fig. 2 is an exemplary timing diagram.
Detailed Description
Reference will now be made in detail to various exemplary embodiments of the present disclosure, which should not be taken as limiting the disclosure, but rather as a more detailed description of certain aspects, features, and embodiments of the disclosure.
The disclosure of the present specification and examples is illustrative only. It will be apparent to those skilled in the art that various modifications and variations can be made in the specific embodiments of the disclosure without departing from the scope or spirit of the disclosure. Other embodiments will be apparent to those skilled in the art from consideration of the specification.
FIG. 1 is a flowchart of an exemplary embodiment of the method for distributing single packet authorization (SPA) authentication seeds for connecting an initiating host IH to a controller according to the present disclosure.
As shown in fig. 1, the exemplary embodiment includes the following steps:
S101: set the range of user addresses from which the controller may be accessed for automatic seed distribution.
This may be accomplished as follows:
specifying, through configuration, the address range from which users are allowed to access the controller;
and generating the address range from which users are not allowed to access the controller, either from configuration or automatically from observed access behaviour toward the controller.
An address range may take the form of a single address, an address with mask, or an address segment.
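The address-range step above, as an added example in Python (not the patent's code): a whitelist, an administrator-configured blacklist, and a blacklist entry generated automatically from access behaviour. Reading an "address segment" as a start-end range, the netmask syntax, and the three-failures threshold are assumptions made for the illustration.

```python
"""Address fence in front of the controller: whitelist, configured blacklist,
and a blacklist grown automatically from access behaviour (failed attempts).

Added example, not the patent's code. Assumptions: an "address segment" is a
'start-end' range, masks may be written as /prefix or /dotted-mask, and an
address is auto-blacklisted after three failures.
"""
import ipaddress
from collections import defaultdict


def parse_range(spec: str):
    """Accept a single address, a prefix/mask form, or a 'start-end' segment."""
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad address segment: {spec}")
        return ("segment", lo, hi)
    # A bare address parses as a /32 (or /128); "a.b.c.d/255.255.255.0" is also accepted.
    return ("network", ipaddress.ip_network(spec, strict=False), None)


def rule_contains(rule, ip) -> bool:
    kind, a, b = rule
    if ip.version != a.version:
        return False
    return a <= ip <= b if kind == "segment" else ip in a


class AddressFence:
    def __init__(self, allow, deny=(), failure_threshold: int = 3):
        self.allow = [parse_range(s) for s in allow]   # whitelist, administrator configured
        self.deny = [parse_range(s) for s in deny]     # blacklist, administrator configured
        self.auto_deny = set()                         # blacklist grown from behaviour
        self.failures = defaultdict(int)
        self.threshold = failure_threshold

    def permits(self, addr: str) -> bool:
        """Deny entries win over allow entries; anything not whitelisted is refused."""
        ip = ipaddress.ip_address(addr)
        if ip in self.auto_deny or any(rule_contains(r, ip) for r in self.deny):
            return False
        return any(rule_contains(r, ip) for r in self.allow)

    def record_failure(self, addr: str) -> bool:
        """Count a failed login or seed request; True once the address is auto-blacklisted."""
        ip = ipaddress.ip_address(addr)
        self.failures[ip] += 1
        if self.failures[ip] >= self.threshold:
            self.auto_deny.add(ip)
        return ip in self.auto_deny


def demo() -> dict:
    """Constructed configuration covering the three address-range forms."""
    fence = AddressFence(
        allow=["10.0.0.5", "192.168.1.0/255.255.255.0", "10.0.1.10-10.0.1.20"],
        deny=["192.168.1.99"],
    )
    before = fence.permits("10.0.1.15")
    for _ in range(3):
        fence.record_failure("10.0.1.15")   # three bad attempts -> automatic blacklist
    return {
        "single_address": fence.permits("10.0.0.5"),
        "mask_form": fence.permits("192.168.1.7"),
        "segment_before_failures": before,
        "segment_after_failures": fence.permits("10.0.1.15"),
        "configured_deny_wins": fence.permits("192.168.1.99"),
        "outside_whitelist": fence.permits("172.16.0.1"),
    }


if __name__ == "__main__":
    print(demo())
```

The fence is evaluated before authentication, so a source outside the whitelist never reaches the login step, and an address that keeps failing is cut off even though it is whitelisted.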
S102: authenticate the identity of the user requesting access to the controller.
Authentication establishes that the user requesting access to the controller is legitimate. It supports, but is not limited to, password authentication, certificate authentication, SMS (short message) authentication, dynamic token authentication and terminal authentication, and combinations of these.
S103: for the authenticated user, automatically generate and distribute the seed and the shared key and bind them to the user's terminal, so that different terminals correspond to different seeds and shared keys. Specifically:
the initiating host IH computes a unique identifier of the terminal and sends a seed request to the controller;
the controller checks whether the terminal already has a seed bound to it;
for a terminal with no bound seed, the controller generates the seed and the shared key from a hardware random number generator, establishes a one-to-one binding with the terminal, and responds to the initiating host IH. To further protect the seed and key, they are preferably encrypted with a Chinese national cryptographic (SM-series) algorithm.
In this embodiment, if an access user named test is to be added, the access sequence is as shown in fig. 2:
Step 1: the account test is allocated to the access user and the user's access IP is added to the whitelist. The whitelist is the user address range allowed to access the controller and is specified by the administrator through configuration; the address range not allowed to access the controller can be restricted by a blacklist, which is either configured by the administrator or generated automatically by the controller from users' access behaviour.
Step 2: the user requests to log in to the controller, and the controller authenticates the user's identity.
Step 3: the user passes authentication and is allowed to log in.
Step 4: the initiating host IH computes the unique identifier of the terminal.
Step 5: the IH sends a seed request to the controller.
Step 6: the controller checks whether the terminal already has a bound seed; if it does, seed distribution is refused; if it does not, the controller generates the seed and the shared key, preferably from a hardware random number generator.
Step 7: a one-to-one binding is established between the generated seed and the terminal.
Step 8: the seed and key are, preferably, encrypted with a Chinese national cryptographic (SM-series) algorithm and returned to the initiating host IH.
When the access user logs in again, single packet authorization is used.
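Steps 2 to 8 of the sequence above, as an added example in Python (not the patent's code and not any product's). Assumptions: the controller established a per-session key with the user at login (steps 2 and 3); os.urandom stands in for the hardware random number generator; an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for the SM-series cipher the text prefers and is for illustration only; the terminal identifiers are constructed.

```python
"""Seed request and issuance between the IH and the controller (steps 2 to 8),
with a keyed envelope protecting the seed and shared key in transit.

Added example, not the patent's code. Assumptions: the session key comes from
the authenticated login; os.urandom stands in for the hardware RNG; the
HMAC-SHA256 keystream + tag envelope stands in for the SM-series cipher the
text prefers and is for illustration only.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional

SEED_LEN, KEY_LEN, NONCE_LEN, TAG_LEN = 20, 32, 16, 32


def terminal_unique_id(*identifiers: str) -> str:
    """Step 4: stable terminal ID derived from hardware/OS identifiers (constructed values)."""
    return hashlib.sha256("|".join(identifiers).encode()).hexdigest()[:32]


def _subkeys(session_key: bytes):
    """Separate encryption and MAC keys derived from the session key."""
    enc = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def wrap(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC envelope: nonce | ciphertext | tag (stand-in for the SM cipher)."""
    enc, mac = _subkeys(session_key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(session_key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; a modified envelope is rejected outright."""
    enc, mac = _subkeys(session_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("envelope tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


class SeedController:
    def __init__(self, rng=os.urandom):
        self.rng = rng          # stand-in for the hardware random number generator
        self.sessions = {}      # user -> session key, set after login (steps 2 and 3)
        self.bindings = {}      # terminal id -> (seed, shared key), one-to-one

    def login(self, user: str, session_key: bytes) -> None:
        self.sessions[user] = session_key

    def issue(self, user: str, terminal_id: str) -> Optional[bytes]:
        """Steps 5 to 8: refuse unauthenticated users and already-bound terminals;
        otherwise generate, bind, and return the wrapped seed and shared key."""
        session_key = self.sessions.get(user)
        if session_key is None or terminal_id in self.bindings:
            return None
        seed, shared_key = self.rng(SEED_LEN), self.rng(KEY_LEN)
        self.bindings[terminal_id] = (seed, shared_key)
        return wrap(session_key, seed + shared_key)


def demo() -> dict:
    ctrl = SeedController()
    session_key = os.urandom(32)
    ctrl.login("test", session_key)
    tid_a = terminal_unique_id("BIOS-SN-0001", "00:11:22:33:44:55")   # constructed identifiers
    tid_b = terminal_unique_id("BIOS-SN-0002", "66:77:88:99:aa:bb")
    blob_a = ctrl.issue("test", tid_a)
    material = unwrap(session_key, blob_a)
    seed_a, key_a = material[:SEED_LEN], material[SEED_LEN:]
    seed_b = unwrap(session_key, ctrl.issue("test", tid_b))[:SEED_LEN]
    tampered = bytearray(blob_a)
    tampered[NONCE_LEN] ^= 0x01                                      # flip one ciphertext bit
    try:
        unwrap(session_key, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "seed_matches_binding": (seed_a, key_a) == ctrl.bindings[tid_a],
        "reissue_refused": ctrl.issue("test", tid_a) is None,
        "unauthenticated_refused": ctrl.issue("mallory", terminal_unique_id("X")) is None,
        "distinct_per_terminal": seed_a != seed_b,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

Refusing a second issuance for an already-bound terminal (step 6) is what makes the binding one-to-one; in practice a re-enrolment path would require an administrator to clear the old binding first.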
Thus, in this embodiment, seeds and keys are generated and distributed automatically, sparing the administrator from distributing them one by one; at the same time, seeds are generated dynamically and randomly so that different terminals are guaranteed different seeds and keys, the user's address and identity are restricted and authenticated before a seed is distributed, and encryption is applied on top, raising the security of the distribution process layer by layer.
The single packet authorization authentication seed distribution device that implements this method comprises an address fence module, an authentication module and an automatic seed distribution module, wherein:
the address fence module restricts the range of user addresses from which the controller may be accessed for automatic seed distribution;
the authentication module authenticates the identity of the user requesting access to the controller;
and the automatic seed distribution module automatically generates and distributes seeds and shared keys for authenticated users and binds them to the user terminals, so that different terminals correspond to different seeds and keys.
The address fence module comprises a blacklist submodule and a whitelist submodule, wherein:
the blacklist submodule holds the user address range that is not allowed to access the controller;
the whitelist submodule holds the user address range that is allowed to access the controller;
and a user address range is expressed as one or more of a single address, an address with mask, and an address segment.
The authentication module supports one or a combination of authentication modes including, but not limited to, password authentication, certificate authentication, SMS authentication, dynamic token authentication and terminal authentication.
The automatic seed distribution module comprises a generation submodule, which generates the seed and the shared key from a hardware random number generator and establishes a one-to-one binding with the terminal, ensuring that different terminals correspond to different seeds and keys.
Preferably, the automatic seed distribution module also comprises an encryption submodule, which encrypts the seed and the shared key with a Chinese national cryptographic (SM-series) algorithm.
The foregoing is merely an illustrative embodiment of the present disclosure, and any equivalent changes and modifications made by those skilled in the art without departing from the spirit and principles of the present disclosure should fall within the scope of the present disclosure.

Claims (10)

1. A method for distributing single packet authorization seeds for connecting an initiating host to a controller, comprising the steps of:
setting the range of user addresses from which the controller may be accessed for automatic seed distribution;
performing identity authentication of a user requesting access to the controller;
and for the authenticated user, automatically generating and distributing a seed and a shared key and binding them to the user's terminal, wherein different terminals correspond to different seeds and shared keys.
2. The single packet authorization seed distribution method of claim 1, wherein the step of setting the range of user addresses from which the controller may be accessed for automatic seed distribution specifically includes:
specifying, through configuration, the address range from which users are allowed to access the controller;
and generating the address range from which users are not allowed to access the controller, either from configuration or automatically from observed access behaviour toward the controller.
3. The single packet authorization seed distribution method of claim 1, wherein the identity authentication of the user requesting access to the controller includes, but is not limited to, one or a combination of: password authentication, certificate authentication, SMS (short message) authentication, dynamic token authentication and terminal authentication.
4. The single packet authorization seed distribution method of claim 1, wherein the step of automatically generating and distributing the seed and the shared key and binding them to the user terminal, with different terminals corresponding to different seeds and shared keys, specifically comprises:
the initiating host IH computing a unique identifier of the terminal and sending a seed request to the controller;
the controller checking whether the terminal already has a seed bound to it;
and for a terminal with no bound seed, generating the seed and the shared key from a hardware random number generator, establishing a one-to-one binding with the terminal, and responding to the initiating host IH.
5. The single packet authorization seed distribution method of claim 1, wherein the seed and the shared key are encrypted with a Chinese national cryptographic (SM-series) algorithm.
6. A single packet authorization seed distribution apparatus for connecting an initiating host to a controller, comprising an address fence module, an authentication module and an automatic seed distribution module, wherein:
the address fence module is configured to restrict the range of user addresses from which the controller may be accessed for automatic seed distribution;
the authentication module is configured to authenticate the identity of the user requesting access to the controller;
and the automatic seed distribution module is configured to automatically generate and distribute seeds and shared keys for authenticated users and bind them to the user terminals, wherein different terminals correspond to different seeds and shared keys.
7. The single packet authorization seed distribution apparatus of claim 6, wherein the address fence module comprises a blacklist submodule and a whitelist submodule, wherein:
the blacklist submodule holds the user address range that is not allowed to access the controller;
the whitelist submodule holds the user address range that is allowed to access the controller;
and a user address range is expressed as one or more of a single address, an address with mask, and an address segment.
8. The single packet authorization seed distribution apparatus of claim 6, wherein the authentication module supports one or a combination of authentication modes including, but not limited to, password authentication, certificate authentication, SMS authentication, dynamic token authentication and terminal authentication.
9. The single packet authorization seed distribution apparatus of claim 6, wherein the automatic seed distribution module comprises a generation submodule, which generates the seed and the shared key from a hardware random number generator and establishes a one-to-one binding with the terminal.
10. The single packet authorization seed distribution apparatus of claim 6, wherein the automatic seed distribution module further comprises an encryption submodule configured to encrypt the seed and the shared key with a Chinese national cryptographic (SM-series) algorithm.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202210272458.7A (CN114598471A) | 2022-03-18 | 2022-03-18 | Single-packet authorization seed distribution method and device for connecting initiating host to controller

Publications (1)

Publication Number Publication Date
CN114598471A true CN114598471A (en) 2022-06-07

Family

ID=81810110

Country Status (1)

Country | Link
CN (1) | CN114598471A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101350780A (en) * | 2008-08-25 | 2009-01-21 | 深圳市同方多媒体科技有限公司 | Method and system for implementing network share
CN101410803A (en) * | 2006-01-24 | 2009-04-15 | 思杰系统有限公司 | Methods and systems for providing access to a computing environment
CN101610255A (en) * | 2009-07-10 | 2009-12-23 | 清华大学 | Source address verification device based on cryptographically generated addresses
US10659462B1 (en) * | 2019-09-24 | 2020-05-19 | Pribit Technology, Inc. | Secure data transmission using a controlled node flow
US20200403787A1 (en) * | 2019-06-21 | 2020-12-24 | Verizon Patent And Licensing Inc. | Quantum entropy distributed via software defined perimeter connections

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
MATT CONRAN: "Zero Trust: Single Packet Authorization | Passive authorization", Retrieved from the Internet <URL:https://network-insight.net/2019/06/18/zero-trust-single-packet-authorization-passive-authorization/> *
新华三: "Zero trust in practice: SDP technology application scenarios and solution deployment", Retrieved from the Internet <URL:https://www.51cto.com/article/701395.html> *
杨志刚: "[Zero Trust aTrust] SPA is not 'spa'; network stealth depends entirely on it", Retrieved from the Internet <URL:https://bbs.sangfor.com.cn/forum.php?mod=viewthread&tid=127901&page=1&extra=#/pid1622581> *
杨志刚: "[Zero Trust aTrust] With this feature, even someone holding a user's account credentials 'logs in for nothing'", Retrieved from the Internet <URL:https://bbs.sangfor.com.cn/forum.php?mod=viewthread&tid=129291> *
深信服科技: "See how 'zero trust' solves the security problems of business access", Retrieved from the Internet <URL:https://www.sangfor.com.cn/news/202101202102031725> *
袁红斌; 张书钦; 曹会群: "Design of the SPA-MAC protocol for frequency-hopping industrial control wireless sensor networks", Journal of Zhongyuan University of Technology (中原工学院学报), no. 02 *

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination