CN114615329A - Method and system for realizing SDP architecture without client - Google Patents
Method and system for realizing SDP architecture without client Download PDFInfo
- Publication number
- CN114615329A CN114615329A CN202210227306.5A CN202210227306A CN114615329A CN 114615329 A CN114615329 A CN 114615329A CN 202210227306 A CN202210227306 A CN 202210227306A CN 114615329 A CN114615329 A CN 114615329A
- Authority
- CN
- China
- Prior art keywords
- sdp
- proxy server
- spa
- terminal
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000004891 communication Methods 0.000 claims description 20
- 238000004590 computer program Methods 0.000 claims description 3
- 230000002452 interceptive effect Effects 0.000 claims description 3
- 238000006243 chemical reaction Methods 0.000 claims description 2
- 230000008569 process Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the field of software defined boundaries, in particular to a method for realizing a client-free SDP architecture. The method comprises the following steps: the terminal sends a login packet to the SDP proxy server; the SDP proxy server receives the login packet and acquires login parameters; the SDP proxy server sends an SPA request to the SDP controller; the SDP controller receives the SPA request and authenticates. By the SDP architecture implementation method, a user can access the SDP proxy server in a lightweight mode to perform SPA authentication, the SDP architecture function is implemented, and the implementability of the SDP architecture scheme is improved.
Description
Technical Field
The invention relates to the field of software defined boundaries, in particular to a method for realizing a client-free SDP architecture.
Background
Software defined boundaries (SDP) is a security framework developed by the Cloud Security Association (CSA) that hides the core network assets and settings and is not exposed to the internet by default. The method comprises the steps that an accessor sends an authentication request by using a Single Packet Authorization (SPA) technology through a terminal, and after the authentication is passed, an SDP controller dynamically opens the access authority of a specified network asset of the specified accessor. In implementation, usually, the SDP gateway adopts an access policy of discarding all data packets by default, so that unauthorized users and devices cannot detect or access a protected application port, thereby greatly improving the security level of the system.
A traditional SDP framework adopts a gateway mode, an access rule established by an SDP controller is only opened for authorized users and services, a key and a strategy are dynamic and only used for single access, unauthorized strange access is completely shielded and refused in a TCP link establishing stage, and the safety of a system is enhanced through a single access control mode.
However, in the gateway mode of the SDP, a user needs to install an SDP terminal program to complete the SPA authentication process with the SDP controller, and under the influence of the wave of the current internet, all services gradually move to clouding and light weight, and at this time, if the user still needs to rely on a local SDP terminal to perform the SPA authentication process, the method obviously does not conform to the development direction of the modern internet technology, and therefore, a light-weight SDP architecture implementation method is found to be a technical problem to be solved urgently in the prior art.
Disclosure of Invention
In order to solve the problems in the related art, the invention provides a method for implementing the SDP architecture, which solves the problem of light weight of the SDP architecture and improves the safety of the SDP architecture.
In order to achieve the purpose, the invention adopts the following technical scheme:
as a first aspect of the present invention, a method for implementing a client-less SDP architecture includes an SPA authentication method, where the SPA authentication method includes the following steps:
the terminal sends a login packet to the SDP proxy server;
the SDP proxy server receives the login packet and acquires login parameters;
the SDP proxy server sends an SPA request to the SDP controller;
the SDP controller receives the SPA request and authenticates.
Further, the SDP proxy server includes a counter, where the counter counts the number of identical login packets at a fixed time interval, and when the counter reaches an alarm threshold, the SDP proxy server refuses to receive identical login packets.
Further, the SPA request is sent to the SDP server in a UDP packet mode.
Optionally, the method further includes a gateway configuration method, where the gateway configuration method includes the following steps:
the SDP controller receives the application address, generates a corresponding proxy address and forms application information;
the SDP controller sends application information to the SDP gateway;
the SDP gateway analyzes the application information and generates an address conversion rule;
the SDP controller configures the access rights.
Optionally, the method further comprises the following steps:
the terminal acquires a login page from an SDP proxy server;
a terminal sends login content to an SDP proxy server and initiates SPA authentication, wherein the login content comprises a terminal IP, a user name and a password, and the SPA authentication is to execute the SPA authentication method;
the SDP controller generates a Token and sends authentication information to an SDP gateway, wherein the authentication information comprises the Token and a terminal IP;
the SDP controller returns request information, wherein the request information comprises a Token and a terminal IP;
the terminal requests the SDP gateway according to the request information;
the SDP gateway authenticates the request.
Optionally, as in the foregoing method, after the SPA authentication passes, request information is returned to the SDP proxy server, where the SDP proxy server obtains a proxy address result set of the controllable application from the SDP controller, and the terminal selects one of the proxy addresses in the proxy address result set of the SDP proxy server, adds the request information, and requests the SDP gateway for access.
Optionally, as in the foregoing method, the terminal intercepts an application address, redirects to a login page of the SDP proxy server, sends login content to the SDP proxy server, initiates the SPA authentication, after the SPA authentication is passed, the SPA controller returns a proxy address and request information to the terminal, and the terminal requests access to the SDP gateway through the returned proxy address and request information.
As a second aspect of the present invention, an SDP architecture system comprising:
the terminal is used for providing interactive operation between the user and the SDP proxy server;
the SDP proxy server is used for communication between the terminal and the SDP controller;
the SDP controller is used for carrying out SPA authentication, generating a Token and distributing authentication information and request information;
the SDP gateway is used for user authentication, authority identification and request forwarding of a user request;
and the application server is a physical device stored for a target application or service of the final direction of the user.
As a third aspect of the present invention, an electronic apparatus includes: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory is used for storing a computer program;
the processor is configured to execute the program stored in the memory to implement the method according to any of the preceding claims.
As a fourth aspect of the present invention, a storage medium comprising a stored program, wherein the program when executed performs the method as set forth in any one of the preceding claims.
The invention has the beneficial effects that: the SDP proxy server provides an SPA authentication function, so that a user can access the SDP proxy server in a lightweight mode to perform SPA authentication, the SDP architecture function is realized, and the implementability of an SDP architecture scheme is improved; meanwhile, the SDP proxy server can effectively isolate the connection relation between the terminal and the SDP framework, so that the SDP framework has higher network stealth capability.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a flowchart illustrating an SPA authentication method.
Fig. 2 is a flowchart illustrating a gateway configuration method.
Fig. 3 is a flowchart illustrating a method for implementing the SDP architecture.
Fig. 4 is a system structure diagram of the SDP architecture.
Fig. 5 is a schematic structural diagram of an electronic device.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, an SDP architecture implementation method provided in the embodiment of the present application includes an SPA authentication method, where the SPA authentication method includes the following steps:
in step S11, the terminal sends a login packet to the SDP proxy server.
Specifically, the terminal has a communication function and is in communication connection with an SDP proxy server, and the login packet includes a terminal IP, a user name, and a password.
In step S12, the SDP proxy server receives the login packet and obtains login parameters.
Specifically, the SDP proxy server parses the login packet, obtains the terminal IP, the user name, and the password, and simultaneously verifies the data security of the login packet.
In a preferred embodiment, the SDP proxy server includes a counter, where the counter counts the number of the same login packets at a fixed time interval, and when the counter reaches an alarm threshold, the SDP proxy server refuses to receive the same login packets.
In step S13, the SDP proxy server sends an SPA request to the SDP controller.
Specifically, the SPA request includes request parameters, and the request parameters include a terminal IP, a user name, and a password.
As a preferred embodiment, the SPA request is sent to the SDP server in a UDP packet manner.
In step S14, the SDP controller receives the SPA request and performs authentication.
Specifically, the SDP server receives the SPA request, obtains a user name and a password, and performs authentication according to the user name and the password. The SDP controller stores a user name which is input in advance and a password matched with the user name, and checks whether the matched password is correct or not according to the user name, so that whether the user is legal or not is verified.
The method has the advantages that the SPA authentication request is sent to the SDP controller in an SDP proxy server mode, the whole authentication process is more flexible, authentication can be completed in a lightweight network interaction mode such as a browser or a small program, meanwhile, two operations of sending login information and SPA authentication of a user are isolated, the user cannot track and crack the SPA authentication, and the safety of the whole SDP framework is further improved.
Referring to fig. 3, an SDP architecture implementation method provided in the embodiment of the present application further includes a gateway configuration method, where the gateway configuration method includes the following steps:
in step S21, the SDP controller receives the application address, generates a corresponding proxy address, and composes application information.
Specifically, the application address may be input by a user, or may be automatically reported to the SDP controller by an application or a service. The proxy address is a network request address which is generated by the SDP through analyzing the application address and is different from other application addresses. The domain name of the proxy address is an IP address of the SDP gateway or a network mapping address thereof, the SDP gateway can be requested through the proxy address, and the SDP gateway can obtain an application address corresponding to the proxy address through analyzing the proxy address. The application information includes a correspondence between the application address and the proxy address.
In step S22, the SDP controller sends application information to the SDP gateway.
In step S23, the SDP gateway parses the application information, and generates an address translation rule.
Specifically, the SDP gateway analyzes the application address, obtains a correspondence between the application address and the proxy address, and maps the proxy address to the application address. When a request is made to the SDP gateway through the proxy address, the SDP gateway finds the corresponding mapped application address through the proxy address, and forwards the request to the corresponding application address.
In step S24, the SDP controller configures access rights.
Specifically, the SDP controller matches the user name with the proxy address, and stores the user name and the proxy address to the SDP controller.
By the gateway configuration method, the permission limitation and the request forwarding of the user can be realized, the isolation of the network environment is realized, and the application access has higher security and confidentiality.
Referring to fig. 3, a method for implementing a client-less SDP architecture provided in the embodiment of the present application includes the following steps:
in step S31, the terminal obtains a login page from the SDP proxy server.
Specifically, the SDP proxy server pre-stores a page script of the login page, and the terminal obtains the page script of the login page from the SDP proxy server in a network request manner and displays the page script on the terminal in a page rendering manner.
As a preferred embodiment, the terminal requests the SDP proxy server to obtain a login page in an https request mode.
Step S32, the terminal sends login content to the SDP proxy server, and initiates SPA authentication.
Specifically, the login content is content that needs to be used for SPA authentication, and in this embodiment, the login content includes a terminal IP, a user name, and a password. The SPA authentication is the SPA authentication method described in the above steps S11 to S14.
In step S33, the SDP controller generates a Token, and sends authentication information to the SDP gateway.
Specifically, the SDP controller performs SPA authentication, generates a Token after the authentication is passed, and sends authentication information to the SDP gateway, where the authentication information includes the Token and the terminal IP. And the SDP gateway receives and stores the authentication information.
In step S34, the SDP controller returns request information.
Specifically, the request information includes a Token and a terminal IP, and corresponds to the authentication information stored in the SDP gateway.
And step S35, the terminal requests the SDP gateway according to the request information.
Specifically, the terminal acquires an agent address corresponding to an application address to be accessed, and adds request information to request the SDP gateway.
As an optional implementation manner, after the SPA passes authentication, request information is returned to the SDP proxy server, the SDP proxy server obtains a proxy address result set of the controllable application from the SDP controller, and the terminal selects one of the proxy addresses in the proxy address result set of the SDP proxy server, adds the request information, and requests access to the SDP gateway.
As another optional implementation, the terminal intercepts the application address, redirects to the login page of the SDP proxy server, sends the login content to the SDP proxy server, initiates SPA authentication, after the SPA authentication is passed, the SPA controller returns to the terminal through the proxy address and request information of the SDP proxy server, and the terminal requests access to the SDP gateway through the returned proxy address and request information.
Step S36, the SDP gateway authenticates the request.
Specifically, the SDP gateway analyzes the request information, acquires the Token, verifies the Token, and detects the validity of the Token.
According to the embodiment of the invention, the SPA authentication function is provided by the SDP proxy server, so that a user can perform SPA authentication only in a light weight mode, the SDP architecture function is realized, and the implementability of the SDP architecture scheme is improved. Meanwhile, the SDP proxy server isolates the association relation between the SDP framework and the user side, so that the whole SDP framework has higher network stealth capability.
Referring to fig. 4, another aspect of the present application further provides an SDP architecture system, including:
and the terminal is used for providing interactive operation between the user and the SDP proxy server. Specifically, the terminal is an operation terminal capable of performing network communication, such as a mobile phone and a tablet.
And the SDP proxy server is used for communication between the terminal and the SDP controller.
And the SDP controller is used for performing SPA authentication, generating a Token and distributing authentication information and request information.
And the SDP gateway is used for authenticating the user, authenticating the authority of the user and forwarding the request.
And the application server is a physical device stored for a target application or service of the final direction of the user.
Referring to fig. 5, another aspect of the present application further provides an electronic device, including: the device comprises a processor 11, a communication interface 12, a memory 13 and a communication bus 14, wherein the processor 11, the communication interface 12 and the memory 13 are communicated with each other through the communication bus 14.
A memory 13 for storing a computer program;
and a processor 11 for executing the program stored in the memory 13 to implement the steps of the above-mentioned method embodiments.
The bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component.
The embodiment of the present application further provides a storage medium, where the storage medium includes a stored program, and the program executes the method steps of the foregoing method embodiment when running.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present invention, which enable those skilled in the art to understand or practice the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method for realizing a client-free SDP architecture is characterized by comprising an SPA authentication method, wherein the SPA authentication method comprises the following steps:
the terminal sends a login packet to the SDP proxy server;
the SDP proxy server receives the login packet and acquires login parameters;
the SDP proxy server sends an SPA request to the SDP controller;
the SDP controller receives the SPA request and authenticates.
2. The SDP architecture implementing method of claim 1, wherein the SDP proxy server comprises a counter, the counter counts a number of identical login packets at a fixed time interval, and when the counter reaches an alarm threshold, the same login packets are rejected from being received.
3. The SDP architecture implementing method of claim 1, wherein the SPA request is sent to an SDP server in a UDP packet.
4. The SDP architecture implementing method of claim 1, further comprising a gateway configuration method, the gateway configuration method comprising the steps of:
the SDP controller receives the application address, generates a corresponding proxy address and forms application information; the SDP controller sends application information to the SDP gateway;
the SDP gateway analyzes the application information and generates an address conversion rule;
the SDP controller configures the access rights.
5. The SDP architecture implementing method of claim 1, further comprising the steps of:
the terminal acquires a login page from an SDP proxy server;
the terminal sends login content to an SDP proxy server and initiates SPA authentication, wherein the login content comprises a terminal IP, a user name and a password, and the SPA authentication is to execute the SPA authentication method;
the SDP controller generates a Token and sends authentication information to an SDP gateway, wherein the authentication information comprises the Token and a terminal IP;
the SDP controller returns request information, wherein the request information comprises a Token and a terminal IP;
the terminal requests the SDP gateway according to the request information;
the SDP gateway authenticates the request.
6. The method of claim 5, wherein the SPA authentication is passed and then a request message is returned to the SDP proxy server, the SDP proxy server obtains a result set of proxy addresses of controllable applications from the SDP controller, and the terminal selects one of the proxy addresses in the result set of proxy addresses of the SDP proxy server, adds the request message, and requests the SDP gateway for access.
7. The SDP architecture implementation method of claim 5, wherein the terminal intercepts an application address and redirects to a login page of the SDP proxy server, the terminal sends login content to the SDP proxy server to initiate the SPA authentication, after the SPA authentication is passed, the SPA controller returns a proxy address and request information to the terminal, and the terminal requests access to the SDP gateway through the returned proxy address and request information.
8. An SDP architecture system, comprising:
the terminal is used for providing interactive operation between the user and the SDP proxy server;
the SDP proxy server is used for communication between the terminal and the SDP controller;
the SDP controller is used for carrying out SPA authentication, generating a Token and distributing authentication information and request information;
the SDP gateway is used for user authentication, authority identification and request forwarding of a user request;
and the application server is a physical device stored for a target application or service of the final direction of the user.
9. An electronic device, comprising: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory is used for storing a computer program;
the processor, configured to execute the program stored in the memory, to implement the method of any one of claims 1-7.
10. A storage medium, characterized in that the storage medium comprises a stored program, wherein the program when executed performs the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210227306.5A CN114615329B (en) | 2022-03-08 | 2022-03-08 | Client-free SDP architecture implementation method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210227306.5A CN114615329B (en) | 2022-03-08 | 2022-03-08 | Client-free SDP architecture implementation method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114615329A true CN114615329A (en) | 2022-06-10 |
| CN114615329B CN114615329B (en) | 2024-10-01 |
Family
ID=81861725
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210227306.5A Active CN114615329B (en) | 2022-03-08 | 2022-03-08 | Client-free SDP architecture implementation method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114615329B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978773A (en) * | 2022-07-27 | 2022-08-30 | 远江盛邦(北京)网络安全科技股份有限公司 | Single package authentication method and system |
| CN118300899A (en) * | 2024-06-05 | 2024-07-05 | 新华三工业互联网有限公司 | Authorized communication method, device, computer equipment and storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017186005A1 (en) * | 2016-04-29 | 2017-11-02 | 中兴通讯股份有限公司 | Method, server, and terminal for cloud desktop authentication |
| CN107948203A (en) * | 2017-12-29 | 2018-04-20 | 平安科技(深圳)有限公司 | A kind of container login method, application server, system and storage medium |
| US20190228144A1 (en) * | 2018-01-25 | 2019-07-25 | Salesforce.Com, Inc. | User device authentication |
| CN111600906A (en) * | 2020-06-08 | 2020-08-28 | 奇安信科技集团股份有限公司 | Data processing method, device, system, medium, and program |
| CN111770090A (en) * | 2020-06-29 | 2020-10-13 | 深圳市联软科技股份有限公司 | Single package authorization method and system |
| US20200403787A1 (en) * | 2019-06-21 | 2020-12-24 | Verizon Patent And Licensing Inc. | Quantum entropy distributed via software defined perimeter connections |
| US20210185018A1 (en) * | 2019-12-16 | 2021-06-17 | Vmware, Inc. | Concealing internal applications that are accessed over a network |
| CN113612790A (en) * | 2021-08-11 | 2021-11-05 | 上海观安信息技术股份有限公司 | Data security transmission method and device based on equipment identity pre-authentication |
| CN113923020A (en) * | 2021-10-09 | 2022-01-11 | 天翼物联科技有限公司 | Micro-service authentication method, device and equipment of SaaS multi-tenant architecture |
| US20220045854A1 (en) * | 2020-08-09 | 2022-02-10 | Perimeter 81 Ltd | Unification of data flows over network links with different internet protocol (ip) addresses |
-
2022
- 2022-03-08 CN CN202210227306.5A patent/CN114615329B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017186005A1 (en) * | 2016-04-29 | 2017-11-02 | 中兴通讯股份有限公司 | Method, server, and terminal for cloud desktop authentication |
| CN107948203A (en) * | 2017-12-29 | 2018-04-20 | 平安科技(深圳)有限公司 | A kind of container login method, application server, system and storage medium |
| US20190228144A1 (en) * | 2018-01-25 | 2019-07-25 | Salesforce.Com, Inc. | User device authentication |
| US20200403787A1 (en) * | 2019-06-21 | 2020-12-24 | Verizon Patent And Licensing Inc. | Quantum entropy distributed via software defined perimeter connections |
| US20210185018A1 (en) * | 2019-12-16 | 2021-06-17 | Vmware, Inc. | Concealing internal applications that are accessed over a network |
| CN111600906A (en) * | 2020-06-08 | 2020-08-28 | 奇安信科技集团股份有限公司 | Data processing method, device, system, medium, and program |
| CN111770090A (en) * | 2020-06-29 | 2020-10-13 | 深圳市联软科技股份有限公司 | Single package authorization method and system |
| US20220045854A1 (en) * | 2020-08-09 | 2022-02-10 | Perimeter 81 Ltd | Unification of data flows over network links with different internet protocol (ip) addresses |
| CN113612790A (en) * | 2021-08-11 | 2021-11-05 | 上海观安信息技术股份有限公司 | Data security transmission method and device based on equipment identity pre-authentication |
| CN113923020A (en) * | 2021-10-09 | 2022-01-11 | 天翼物联科技有限公司 | Micro-service authentication method, device and equipment of SaaS multi-tenant architecture |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978773A (en) * | 2022-07-27 | 2022-08-30 | 远江盛邦(北京)网络安全科技股份有限公司 | Single package authentication method and system |
| CN118300899A (en) * | 2024-06-05 | 2024-07-05 | 新华三工业互联网有限公司 | Authorized communication method, device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114615329B (en) | 2024-10-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11882109B2 (en) | Authenticated name resolution | |
| CN112822158B (en) | Network access method and device, electronic equipment and storage medium | |
| TWI725958B (en) | Cloud host service authority control method, device and system | |
| US10225260B2 (en) | Enhanced authentication security | |
| US8990356B2 (en) | Adaptive name resolution | |
| WO2016188256A1 (en) | Application access authentication method, system, apparatus and terminal | |
| US20100100950A1 (en) | Context-based adaptive authentication for data and services access in a network | |
| US9736130B1 (en) | Communications methods and apparatus related to web initiated sessions | |
| WO2022247751A1 (en) | Method, system and apparatus for remotely accessing application, device, and storage medium | |
| CN114615329B (en) | Client-free SDP architecture implementation method and system | |
| EP2572288A1 (en) | Validating updates to domain name system records | |
| CN109040069B (en) | Cloud application program publishing method, publishing system and access method | |
| CN110933078B (en) | H5 unregistered user session tracking method | |
| US11770385B2 (en) | Systems and methods for malicious client detection through property analysis | |
| EP3687139B1 (en) | Secure provisioning and validation of access tokens in network environments | |
| CN110830447A (en) | SPA single packet authorization method and device | |
| WO2016164984A1 (en) | Method and system for transaction security | |
| WO2019067810A1 (en) | Transient transaction server dns strategy | |
| US20220158977A1 (en) | Authenticating to a hybrid cloud using intranet connectivity as silent authentication factor | |
| CN114938288A (en) | Data access method, device, equipment and storage medium | |
| CN116707955A (en) | Single-packet authentication method and related device | |
| CN111193708A (en) | Code scanning login method and device based on enterprise browser | |
| CN107045603A (en) | Control method and device are called in a kind of application | |
| CN114389813A (en) | Method, device, equipment and storage medium for access authorization of browser | |
| WO2004099949A1 (en) | Web site security model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Country or region after: China Address after: 3-1, 1st Floor, Building 3, No. 8 Shangdi Chuangye Road, Haidian District, Beijing 100085 Applicant after: Beijing Congyun Technology Co.,Ltd. Address before: No. 605, 6th floor, building 3, No. 52, Zhongguancun South Street, Haidian District, Beijing 100089 Applicant before: Beijing Congyun Technology Co.,Ltd. Country or region before: China |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |