CN114598471A - Single-package authorized seed distribution method and device for connecting initiating host to controller
- Publication number
- CN114598471A
- Authority
- CN
- China
- Prior art keywords
- seeds
- authentication
- controller
- user
- seed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3215—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The present disclosure provides a single-packet authorization (SPA) seed distribution device and method, including: an address fence module that limits the range of user addresses allowed to access the controller for automatic seed distribution; an authentication module that authenticates the identity of the user accessing the controller; and an automatic seed distribution module that automatically generates and distributes seeds and shared keys and binds them to the user terminal, so that different terminals correspond to different keys. The method and device automate the generation and distribution of seeds and spare administrators from distributing them one by one; at the same time, the address fence, identity authentication, dynamic generation, and per-terminal keys improve security during seed distribution.
Description
Technical Field
The invention relates to the technical field of data communication, and in particular to a method and a device for distributing single-packet authorization seeds.
Background
In the software-defined perimeter (SDP) architecture, a connection between the connection initiating host IH and the controller, between the connection receiving host AH and the controller, or between IH and AH may be established only after single packet authorization (SPA) authentication succeeds. SPA authentication is based on the RFC 4226 HOTP standard and relies on shared seeds. How to distribute the seeds therefore becomes a problem. The common way to distribute seeds for the connection from the initiating host IH to the controller is to use a static seed: all users perform SPA authentication with the same seed, and once an unauthorized user obtains the static seed, SPA authentication exists in name only. If administrators instead distribute the seeds one by one, a large amount of time and effort is consumed and the operation and maintenance cost increases.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a method and a device for distributing single-packet authorization authentication seeds for the connection from the initiating host IH to the controller, which complete seed distribution automatically while ensuring security.
The single-packet authorization authentication seed distribution method for connecting the initiating host IH to the controller provided by the disclosure comprises the following steps:
setting the range of user addresses allowed to access the controller for automatic seed distribution;
authenticating the identity of a user requesting access to the controller;
and, for an authenticated user, automatically generating and distributing the seed and the shared key and binding them to the user terminal, wherein different terminals correspond to different seeds and shared keys.
Further, the step of setting the range of user addresses allowed to access the controller for automatic seed distribution specifically includes:
specifying, through configuration, the address range from which users are allowed to access the controller;
and specifying through configuration, or generating automatically according to the behavior of accesses to the controller, the address range from which users are not allowed to access the controller.
Further, the methods for authenticating the identity of the user requesting access to the controller include, but are not limited to, one or a combination of: password authentication, certificate authentication, short message authentication, dynamic token authentication and terminal authentication.
Further, the step of "automatically generating and distributing the seed and the shared key and binding them to the user terminal, different terminals corresponding to different seeds and shared keys" specifically includes the following steps:
the connection initiating host IH calculates the unique identifier of the terminal and submits a seed request to the controller;
the controller checks whether the terminal is already bound to a seed;
and, for a terminal not bound to a seed, the controller generates the seed and the shared key using hardware random numbers, establishes a one-to-one binding with the terminal, and responds to the connection initiating host IH.
Further, the seed and the shared key are encrypted using a national cryptographic algorithm.
The present disclosure also provides a single-packet authorization authentication seed distribution device for connecting an initiating host IH to a controller, including an address fence module, an authentication module and an automatic seed distribution module, wherein:
the address fence module is configured to limit the range of user addresses allowed to access the controller for automatic seed distribution;
the authentication module is configured to authenticate the identity of the user accessing the controller;
and the automatic seed distribution module is configured to automatically generate and distribute seeds and shared keys for authenticated users and to bind them to the user terminals, wherein different terminals correspond to different seeds and keys.
Further, the address fence module comprises two sub-modules, a blacklist and a white list, wherein:
the blacklist sub-module contains the range of user addresses not allowed to access the controller;
the white list sub-module contains the range of user addresses allowed to access the controller;
wherein a user address range includes one or more of a single address, an address mask, and an address segment.
Further, the authentication module supports one or a combination of authentication methods including, but not limited to, password authentication, certificate authentication, short message authentication, dynamic token authentication and terminal authentication.
Further, the automatic seed distribution module comprises a generation sub-module, which generates the seed and the shared key from hardware random numbers and establishes a one-to-one binding with the terminal.
Further, the automatic seed distribution module further comprises an encryption sub-module, which encrypts the seed and the shared key using a national cryptographic algorithm.
With the single-packet authorization seed distribution method and device, seeds and keys are generated and distributed automatically, which avoids the large amount of time and effort an administrator would spend distributing them one by one and reduces the operation and maintenance cost; at the same time, the address fence, identity authentication, dynamic generation of seeds and keys, and binding to the terminal improve security during seed distribution.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the scope of the disclosure, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of the specification of the disclosure, illustrate exemplary embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of single-packet authorization seed distribution for the connection from the initiating host IH to the controller;
FIG. 2 is an exemplary timing diagram.
Detailed Description
Reference will now be made in detail to various exemplary embodiments of the present disclosure, which should not be taken as limiting the disclosure, but rather as a more detailed description of certain aspects, features, and embodiments of the disclosure.
The disclosure of the present specification and examples is illustrative only. It will be apparent to those skilled in the art that various modifications and variations can be made in the specific embodiments of the disclosure without departing from the scope or spirit of the disclosure. Other embodiments will be apparent to those skilled in the art from consideration of the specification.
FIG. 1 is a flowchart of an exemplary embodiment of the method for distributing single-packet authorization authentication seeds for connecting an initiating host IH to a controller according to the present disclosure.
As shown in FIG. 1, the exemplary embodiment includes the following steps:
S101: Set the range of user addresses allowed to access the controller for automatic seed distribution.
This setting may be accomplished by the following steps or means:
the address range from which users are allowed to access the controller is specified through configuration;
the address range from which users are not allowed to access the controller is specified through configuration or generated automatically according to the behavior of accesses to the controller.
An address range may take the form of a single address, an address mask, or an address segment.
S102: Authenticate the identity of the user requesting access to the controller.
Authentication establishes the legitimate identity of the user accessing the controller. Supported authentication methods include, but are not limited to, password authentication, certificate authentication, short message authentication, dynamic token authentication, terminal authentication, and combinations thereof.
S103: For a user who passes authentication, automatically generate and distribute the seed and the shared key and bind them to the user terminal, ensuring that different terminals correspond to different seeds and shared keys. This specifically comprises the following steps:
the connection initiating host IH calculates the unique identifier of the terminal and submits a seed request to the controller;
the controller checks whether the terminal is already bound to a seed;
for a terminal not bound to a seed, the controller generates the seed and the shared key using hardware random numbers, establishes a one-to-one binding with the terminal, and responds to the connection initiating host IH. To further improve the security of the seed and the key, the seed and the shared key are preferably encrypted using a cryptographic algorithm.
In this embodiment, if an access user named test needs to be added, the access sequence is as shown in FIG. 2:
Step 1: The account test is allocated to the access user, and the user's access IP is added to the white list. The white list is the range of user addresses allowed to access the controller and is specified by an administrator through configuration; the range of addresses not allowed to access the controller can be limited by a blacklist, which is either specified by an administrator through configuration or generated automatically by the controller according to the user's access behavior.
Step 2: The user requests to log in to the controller, and the controller authenticates the user's identity.
Step 3: Once authentication passes, the user is allowed to log in.
Step 4: The connection initiating host IH calculates the unique identifier of the terminal.
Step 5: The IH submits a seed request to the controller.
Step 6: The controller checks whether the terminal is already bound to a seed. If it is, seed distribution is refused; if it is not, the seed and the shared key are generated, preferably using hardware random numbers.
Step 7: A one-to-one binding is established between the generated seed and the terminal.
Step 8: The seed and the key are encrypted, preferably using a national cryptographic algorithm, and returned in the response to the connection initiating host IH.
When the access user logs in again, single-packet authorization authentication is used.
Thus, in this embodiment, seeds and keys are generated and distributed automatically, which spares the administrator from distributing seeds one by one. At the same time, the seeds are generated dynamically and randomly, different terminals are guaranteed to correspond to different seeds and keys, the user address is restricted and the user identity is authenticated before any seed is distributed, and encryption is applied on top, so that security during seed distribution is improved layer by layer.
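The eight-step flow above, as an added example that is not code from the patent: a Python controller with the address fence, the login check, one seed per terminal, and RFC 4226 HOTP verification of the later SPA code. The "first-last" segment syntax, the terminal_id derivation, the plain password table, the 20-byte seed, the look-ahead window and the OS CSPRNG standing in for a hardware random number source are all assumptions; encryption of the response (step 8) is omitted.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def parse_range(spec: str):
    """Return a matcher for a single address, an address mask, or an address segment."""
    if "-" in spec:  # address segment written "first-last" (assumed syntax)
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad address segment: {spec}")
        return lambda ip: ip.version == lo.version and lo <= ip <= hi
    net = ipaddress.ip_network(spec, strict=False)  # bare address becomes /32 or /128
    return lambda ip: ip in net


class AddressFence:
    """White list and blacklist sub-modules; a blacklist match always wins."""

    def __init__(self, whitelist, blacklist=()):
        self.allow = [parse_range(s) for s in whitelist]
        self.deny = [parse_range(s) for s in blacklist]

    def permits(self, addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        if any(match(ip) for match in self.deny):
            return False
        return any(match(ip) for match in self.allow)


def terminal_id(*attributes: str) -> str:
    """Assumed derivation of the terminal's unique identifier (the page fixes none)."""
    return hashlib.sha256("\x1f".join(attributes).encode()).hexdigest()


class Controller:
    def __init__(self, fence: AddressFence, accounts: dict):
        self.fence = fence
        self.accounts = accounts  # user -> password, constructed demo data only
        self.bindings = {}        # terminal id -> [seed, shared key, HOTP counter]

    def request_seed(self, src_ip, user, password, tid):
        """Steps 2 to 8: fence check, login, binding check, generation, binding."""
        if not self.fence.permits(src_ip):
            return "denied: address fence", None
        expected = self.accounts.get(user)
        if expected is None or not hmac.compare_digest(
                expected.encode(), password.encode()):
            return "denied: authentication", None
        if tid in self.bindings:  # step 6: an already bound terminal is refused
            return "denied: terminal already bound", None
        seed = secrets.token_bytes(20)  # OS CSPRNG stands in for a hardware RNG
        key = secrets.token_bytes(16)
        self.bindings[tid] = [seed, key, 0]  # step 7: one-to-one binding
        return "ok", (seed, key)

    def verify_spa(self, tid, code: str, window: int = 3) -> bool:
        """Check the HOTP value of a later SPA packet against the terminal's own seed."""
        entry = self.bindings.get(tid)
        if entry is None:
            return False
        seed, _key, counter = entry
        for c in range(counter, counter + window):
            if hmac.compare_digest(hotp(seed, c).encode(), code.encode()):
                entry[2] = c + 1  # advance the counter so the code cannot be replayed
                return True
        return False


if __name__ == "__main__":
    # Constructed sample data: documentation address ranges and a demo account.
    fence = AddressFence(["192.0.2.10", "198.51.100.0/24"], ["198.51.100.66"])
    ctl = Controller(fence, {"test": "demo-password"})
    tid = terminal_id("board-serial-0001", "disk-serial-0001")
    status, material = ctl.request_seed("192.0.2.10", "test", "demo-password", tid)
    print(status, ctl.verify_spa(tid, hotp(material[0], 0)))
    print(ctl.request_seed("192.0.2.10", "test", "demo-password", tid)[0])
    print(ctl.request_seed("198.51.100.66", "test", "demo-password", "other")[0])
```

Because each terminal holds its own seed, a seed leaked from one terminal yields no valid SPA code for any other terminal, which is the weakness of the static shared seed described in the Background.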
The single-packet authorization authentication seed distribution device that implements the above method comprises an address fence module, an authentication module and an automatic seed distribution module, wherein:
the address fence module limits the range of user addresses allowed to access the controller for automatic seed distribution;
the authentication module authenticates the identity of the user accessing the controller;
and the automatic seed distribution module automatically generates and distributes seeds and shared keys for authenticated users and binds them to the user terminals, wherein different terminals correspond to different seeds and keys.
The address fence module comprises two sub-modules, a blacklist and a white list, wherein:
the blacklist sub-module defines the range of user addresses not allowed to access the controller;
the white list sub-module defines the range of user addresses allowed to access the controller;
wherein a user address range comprises one or more of a single address, an address mask and an address segment.
The authentication module supports one or a combination of authentication methods including, but not limited to, password authentication, certificate authentication, short message authentication, dynamic token authentication and terminal authentication.
The automatic seed distribution module comprises a generation sub-module, which generates the seeds and the shared keys from hardware random numbers and establishes a one-to-one binding with each terminal to ensure that different terminals correspond to different seeds and keys.
Preferably, the automatic seed distribution module further comprises an encryption sub-module, which encrypts the seed and the shared key using a national cryptographic algorithm.
The foregoing is merely an illustrative embodiment of the present disclosure, and any equivalent changes and modifications made by those skilled in the art without departing from the spirit and principles of the present disclosure should fall within the scope of the present disclosure.
Claims (10)
1. A method for distributing single-packet authorization seeds for connecting an initiating host to a controller, comprising the steps of:
setting the range of user addresses allowed to access the controller for automatic seed distribution;
authenticating the identity of a user requesting access to the controller;
and, for an authenticated user, automatically generating and distributing the seed and the shared key and binding them to the user terminal, wherein different terminals correspond to different seeds and shared keys.
2. The single-packet authorization seed distribution method of claim 1, wherein the step of setting the range of user addresses allowed to access the controller for automatic seed distribution specifically includes:
specifying, through configuration, the address range from which users are allowed to access the controller;
and specifying through configuration, or generating automatically according to the behavior of accesses to the controller, the address range from which users are not allowed to access the controller.
3. The single-packet authorization seed distribution method of claim 1, wherein the methods for authenticating the identity of the user requesting access to the controller include, but are not limited to, one or a combination of: password authentication, certificate authentication, short message authentication, dynamic token authentication and terminal authentication.
4. The single-packet authorization seed distribution method of claim 1, wherein the step of "automatically generating and distributing the seed and the shared key and binding them to the user terminal, wherein different terminals correspond to different seeds and shared keys" specifically comprises the following steps:
the connection initiating host IH calculates the unique identifier of the terminal and submits a seed request to the controller;
the controller checks whether the terminal is already bound to a seed;
and, for a terminal not bound to a seed, the controller generates the seed and the shared key using hardware random numbers, establishes a one-to-one binding with the terminal, and responds to the connection initiating host IH.
5. The single-packet authorization seed distribution method of claim 1, wherein the seed and the shared key are encrypted using a cryptographic algorithm.
6. A single-packet authorization seed distribution device for connecting an initiating host to a controller, comprising an address fence module, an authentication module and an automatic seed distribution module, wherein:
the address fence module is configured to limit the range of user addresses allowed to access the controller for automatic seed distribution;
the authentication module is configured to authenticate the identity of the user accessing the controller;
and the automatic seed distribution module is configured to automatically generate and distribute seeds and shared keys for authenticated users and to bind them to the user terminals, wherein different terminals correspond to different seeds and shared keys.
7. The single-packet authorization seed distribution device of claim 6, wherein the address fence module comprises two sub-modules, a blacklist and a white list, wherein:
the blacklist sub-module contains the range of user addresses not allowed to access the controller;
the white list sub-module contains the range of user addresses allowed to access the controller;
wherein a user address range includes one or more of a single address, an address mask, and an address segment.
8. The single-packet authorization seed distribution device of claim 6, wherein the authentication module supports one or a combination of authentication methods including, but not limited to, password authentication, certificate authentication, short message authentication, dynamic token authentication and terminal authentication.
9. The single-packet authorization seed distribution device of claim 6, wherein the automatic seed distribution module includes a generation sub-module, which generates the seed and the shared key from hardware random numbers and establishes a one-to-one binding with the terminal.
10. The single-packet authorization seed distribution device of claim 6, wherein the automatic seed distribution module further comprises an encryption sub-module configured to encrypt the seed and the shared key using a cryptographic algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210272458.7A CN114598471A (en) | 2022-03-18 | 2022-03-18 | Single-package authorized seed distribution method and device for connecting initiating host to controller |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210272458.7A CN114598471A (en) | 2022-03-18 | 2022-03-18 | Single-package authorized seed distribution method and device for connecting initiating host to controller |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114598471A true CN114598471A (en) | 2022-06-07 |
Family
ID=81810110
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210272458.7A Pending CN114598471A (en) | 2022-03-18 | 2022-03-18 | Single-package authorized seed distribution method and device for connecting initiating host to controller |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114598471A (en) |
-
2022
- 2022-03-18 CN CN202210272458.7A patent/CN114598471A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101410803A (en) * | 2006-01-24 | 2009-04-15 | 思杰系统有限公司 | Methods and systems for providing access to a computing environment |
CN101350780A (en) * | 2008-08-25 | 2009-01-21 | 深圳市同方多媒体科技有限公司 | Method and system for implementing network share |
CN101610255A (en) * | 2009-07-10 | 2009-12-23 | 清华大学 | Source address demo plant based on the cryptography calculated address |
US20200403787A1 (en) * | 2019-06-21 | 2020-12-24 | Verizon Patent And Licensing Inc. | Quantum entropy distributed via software defined perimeter connections |
US10659462B1 (en) * | 2019-09-24 | 2020-05-19 | Pribit Technology, Inc. | Secure data transmission using a controlled node flow |
Non-Patent Citations (6)
Title |
---|
MATT CONRAN: "Zero Trust: Single Packet Authorization | Passive authorization", Retrieved from the Internet <URL:https://network-insight.net/2019/06/18/zero-trust-single-packet-authorization-passive-authorization/> * |
新华三: "Zero Trust in Practice: SDP Technology Application Scenarios and Solution Deployment", Retrieved from the Internet <URL:https://www.51cto.com/article/701395.html> * |
杨志刚: "[Zero Trust aTrust] SPA Is Not a 'Spa': Network Stealth Depends Entirely on It", Retrieved from the Internet <URL:https://bbs.sangfor.com.cn/forum.php?mod=viewthread&tid=127901&page=1&extra=#/pid1622581> * |
杨志刚: "[Zero Trust aTrust] With This Feature, Even If You Obtain a User's Account You Log In for Nothing", Retrieved from the Internet <URL:https://bbs.sangfor.com.cn/forum.php?mod=viewthread&tid=129291> * |
深信服科技: "How 'Zero Trust' Solves the Security Problems of Business Access", Retrieved from the Internet <URL:https://www.sangfor.com.cn/news/202101202102031725> * |
袁红斌; 张书钦; 曹会群: "Design of an SPA-MAC Protocol for Frequency-Hopping-Based Industrial Control Wireless Sensor Networks", 中原工学院学报, no. 02 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108390851B (en) | Safe remote control system and method for industrial equipment | |
CN114553568B (en) | Resource access control method based on zero-trust single-package authentication and authorization | |
CN108964885B (en) | Authentication method, device, system and storage medium | |
CN105471833B (en) | A kind of safe communication method and device | |
CN101951603B (en) | Access control method and system for wireless local area network | |
US7953391B2 (en) | Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method | |
CN102217277B (en) | Method and system for token-based authentication | |
CN107733636B (en) | Authentication method and authentication system | |
CN111031047A (en) | Device communication method, device, computer device and storage medium | |
CN103634265A (en) | Method, device and system for security authentication | |
CN114765534A (en) | Private key distribution system based on national password identification cryptographic algorithm | |
CN104486322B (en) | Terminal access authentication authorization method and terminal access authentication authoring system | |
KR20230145009A (en) | Single sign on authentication method and system based on terminal using dynamic token generation agent | |
CN115277168A (en) | Method, device and system for accessing server | |
CN109873818B (en) | Method and system for preventing illegal access to server | |
CN109905376B (en) | Method and system for preventing illegal access to server | |
CN113194476A (en) | Equipment activation and authentication binding method | |
CN112448958B (en) | Domain policy issuing method and device, electronic equipment and storage medium | |
WO2022041151A1 (en) | Device verification method, device, and cloud | |
KR20090012013A (en) | Method and system for providing mutual authentication using kerberos | |
US11240661B2 (en) | Secure simultaneous authentication of equals anti-clogging mechanism | |
CN112261103A (en) | Node access method and related equipment | |
WO2014084711A1 (en) | A system and method for duty-shared authenticated group key transport | |
JPH11331181A (en) | Network terminal authenticating device | |
CN114598471A (en) | Single-package authorized seed distribution method and device for connecting initiating host to controller |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||