CN114710340B - Security authentication system and method - Google Patents


Info

Publication number: CN114710340B
Authority: CN (China)
Prior art keywords: terminal, target, information, network, security
Legal status: Active
Application number: CN202210307046.2A
Other languages: Chinese (zh)
Other versions: CN114710340A
Inventors: 杨旭, 吕文俊, 杜强, 薛霁, 李梁
Current assignee: Shenzhou Lvmeng Chengdu Technology Co ltd; Nsfocus Technologies Inc; Nsfocus Technologies Group Co Ltd
Original assignee: Shenzhou Lvmeng Chengdu Technology Co ltd; Nsfocus Technologies Inc; Nsfocus Technologies Group Co Ltd
Application filed by Shenzhou Lvmeng Chengdu Technology Co ltd, Nsfocus Technologies Inc, Nsfocus Technologies Group Co Ltd
Priority to CN202210307046.2A
Publication of CN114710340A
Application granted
Publication of CN114710340B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Hardware Design
  • Computer Security & Cryptography
  • Computing Systems
  • General Engineering & Computer Science
  • Computer And Data Communications

Abstract

The application discloses a security authentication system, method, apparatus, device and medium for improving the timeliness and accuracy of security authentication of a terminal. The security score value of a terminal is determined from the terminal's environment information as stored on any other terminal (the target other terminal) in the same P2P network, and the terminal's environment information is then security-authenticated on the basis of that score value. Compared with the prior art, in which the terminal must send its environment information across networks to an environment-aware server and security authentication relies on that single server, this has two advantages: because the score value can be determined by any other terminal, the single-point-of-failure risk is reduced; and because communication within a P2P network is more stable and more immediate than cross-network communication, the timeliness and accuracy of security authentication of the terminal are improved.

Description

Security authentication system and method
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a security authentication system, method, apparatus, device, and medium.
Background
Zero trust is a network security model proposed in 2010 by a chief analyst of the research firm Forrester. It breaks with default trust and follows the principle of continuous verification and never trusting, establishing a dynamic security architecture that is identity-centric, uses continuous authentication, dynamic access control, authorization, auditing and monitoring as its methods, takes minimized real-time authorization as its core, and relies on a multidimensional trust algorithm to authenticate endpoints. Environment awareness and authentication are the core of this overall security architecture.
Zero trust has not been developed for long, so defects are unavoidable. For example, the scheme used for environment awareness and authentication in existing zero-trust deployments is typically as follows:
The terminal (environment-aware terminal) uploads its local environment information to the environment-aware server at regular intervals, and the environment-aware server performs security authentication on the terminal based on that environment information. Specifically, when a user triggers an access request on a terminal, the terminal sends its terminal identification information and the user's identity information to an authentication server; the authentication server extracts the terminal identification information and sends the environment-aware server a security authentication request asking whether the terminal is secure; the environment-aware server performs security authentication on the terminal based on the environment information it has stored for that terminal and returns the security authentication result to the authentication server. If the returned result is that the terminal's security risk is too high, the authentication server blocks the terminal's access request; otherwise it continues with the subsequent identity authentication flow.
However, this existing method, in which the terminal must upload its local environment information to the environment-aware server over the network and the environment-aware server performs the security authentication based on that information, has two problems. On the one hand, it carries a single-point-of-failure risk: if the environment-aware server fails, the terminal may not be security-authenticated at all. On the other hand, if the network fails, the terminal may be unable to upload its latest environment information to the environment-aware server in time, so the terminal may not be authenticated timely or accurately. A technical solution that improves the timeliness and accuracy of security authentication of a terminal is therefore needed.
Disclosure of Invention
The application provides a security authentication system, a security authentication method, a security authentication device, security authentication equipment and a security authentication medium, which are used for improving timeliness and accuracy of security authentication of a terminal.
In a first aspect, the application provides a security authentication system comprising a terminal, an authentication server, and a plurality of other terminals in the same peer-to-peer (P2P) network as the terminal;
the terminal is configured to send a first authentication request to a target other terminal in the P2P network when it receives an access request to any application installed in the terminal, the first authentication request carrying identification information of the terminal;
the target other terminal is configured to search, according to the identification information, its stored environment information for the target environment information corresponding to the terminal identified by that identification information; to determine a security score value of the terminal according to whether the target environment information contains set risk environment information; and to send the security score value to the terminal;
the terminal is further configured to send a second authentication request carrying the security score value to the authentication server;
and the authentication server is configured to perform security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In a second aspect, the application provides a security authentication method applied to a first terminal, the method comprising:
when an access request to any application installed in the terminal is received, sending a first authentication request to a target other terminal among a plurality of other terminals in the same peer-to-peer (P2P) network as the terminal, the first authentication request carrying identification information of the terminal;
receiving the security score value sent by the target other terminal, the security score value having been determined by the target other terminal by searching, according to the identification information, its stored environment information for the target environment information corresponding to the terminal identified by that identification information, and determining the security score value of the terminal according to whether the target environment information contains set risk environment information;
sending a second authentication request carrying the security score value to an authentication server, so that the authentication server performs security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In a third aspect, the application provides a security authentication method applied to a second terminal, the method comprising:
receiving a first authentication request, the first authentication request being sent by a first terminal in the same peer-to-peer (P2P) network as the second terminal when the first terminal receives an access request to any application installed in it, and carrying identification information of the first terminal;
searching, according to the identification information, the stored environment information for the target environment information corresponding to the terminal identified by that identification information; determining a security score value of the first terminal according to whether the target environment information contains set risk environment information; and sending the security score value to the first terminal, so that the first terminal sends a second authentication request carrying the security score value to an authentication server and the authentication server performs security authentication on the environment information of the first terminal according to the security score value and a preset score threshold.
In a fourth aspect, the application provides a security authentication method applied to an authentication server, the method comprising:
receiving a second authentication request carrying a security score value sent by a terminal, the second authentication request being sent by the terminal when it receives the security score value sent by a target other terminal among a plurality of other terminals in the same peer-to-peer (P2P) network as the terminal; the security score value having been determined as follows: when the terminal receives an access request to any application installed in it, it sends a first authentication request to the target other terminal, and the target other terminal searches, according to the identification information of the terminal carried in the first authentication request, its stored environment information for the target environment information corresponding to the terminal identified by that identification information and determines the security score value of the terminal according to whether the target environment information contains set risk environment information;
and performing security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In a fifth aspect, the application provides a security authentication method applied to an environment-aware server, the method comprising:
receiving a first joining request sent by a terminal to join a peer-to-peer (P2P) network, the first joining request carrying authentication information of the terminal;
judging whether the authentication information is the set compliant authentication information; if so, searching the stored network addresses corresponding to P2P networks, according to the target network address in the authentication information, for the target P2P network to which the target network address belongs, and sending to the terminal the network identification information of the target P2P network, the identification information of the existing terminals already joined to the target P2P network, and joining verification information; and transmitting the joining verification information to the existing terminals already joined to the target P2P network. The terminal receives the network identification information, the existing terminal identification information and the joining verification information, and sends a second joining request to a target existing terminal, corresponding to target existing terminal identification information, in the target P2P network corresponding to the network identification information; and the target existing terminal verifies whether the terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information it received from the environment-aware server.
In a sixth aspect, the application provides a security authentication device, the device comprising:
a first sending module, configured to send a first authentication request to a target other terminal among a plurality of other terminals in the same peer-to-peer (P2P) network as the terminal when an access request to any application installed in the terminal is received, the first authentication request carrying identification information of the terminal;
a first receiving module, configured to receive the security score value sent by the target other terminal, the security score value having been determined by the target other terminal by searching, according to the identification information, its stored environment information for the target environment information corresponding to the terminal identified by that identification information, and determining the security score value of the terminal according to whether the target environment information contains set risk environment information;
a second sending module, configured to send a second authentication request carrying the security score value to the authentication server, so that the authentication server performs security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In a seventh aspect, the application provides a security authentication device, the device comprising:
a second receiving module, configured to receive a first authentication request, the first authentication request being sent by a first terminal in the same peer-to-peer (P2P) network as the second terminal when the first terminal receives an access request to any application installed in it, and carrying identification information of the first terminal;
a first determining module, configured to search, according to the identification information, the stored environment information for the target environment information corresponding to the terminal identified by that identification information; to determine a security score value of the first terminal according to whether the target environment information contains set risk environment information; and to send the security score value to the first terminal, so that the first terminal sends a second authentication request carrying the security score value to an authentication server and the authentication server performs security authentication on the environment information of the first terminal according to the security score value and a preset score threshold.
In an eighth aspect, the application provides a security authentication device, the device comprising:
a third receiving module, configured to receive a second authentication request carrying a security score value sent by a terminal, the second authentication request being sent by the terminal when it receives the security score value sent by a target other terminal among a plurality of other terminals in the same peer-to-peer (P2P) network as the terminal; the security score value having been determined as follows: when the terminal receives an access request to any application installed in it, it sends a first authentication request to the target other terminal, and the target other terminal searches, according to the identification information of the terminal carried in the first authentication request, its stored environment information for the target environment information corresponding to the terminal identified by that identification information and determines the security score value of the terminal according to whether the target environment information contains set risk environment information;
and an authentication module, configured to perform security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In a ninth aspect, the application provides a security authentication device, the device comprising:
a fourth receiving module, configured to receive a first joining request sent by a terminal to join a peer-to-peer (P2P) network, the first joining request carrying authentication information of the terminal;
a joining verification module, configured to judge whether the authentication information is the set compliant authentication information and, if so, to search the stored network addresses corresponding to P2P networks for the target P2P network to which the target network address belongs, to send to the terminal the network identification information of the target P2P network, the identification information of the existing terminals already joined to the target P2P network, and joining verification information, and to transmit the joining verification information to the existing terminals already joined to the target P2P network. The terminal receives the network identification information, the existing terminal identification information and the joining verification information, and sends a second joining request to a target existing terminal, corresponding to target existing terminal identification information, in the target P2P network corresponding to the network identification information; and the target existing terminal verifies whether the terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information it received from the environment-aware server.
In a tenth aspect, the present application provides an electronic device comprising at least a processor and a memory, the processor being adapted to implement the steps of any one of the security authentication methods described above when executing a computer program stored in the memory.
In an eleventh aspect, the present application provides a computer readable storage medium storing a computer program which when executed by a processor implements the steps of any one of the security authentication methods described above.
In a twelfth aspect, the application provides a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the steps of the security authentication method described in any of the preceding aspects.
Because the security score value of the terminal can be determined from the environment information of the terminal stored on any other terminal (the target other terminal) in the same P2P network, and the terminal's environment information can then be security-authenticated on the basis of that score value, the method and device have two advantages over the related art, in which the terminal must send its environment information across networks to an environment-aware server and security authentication of that information relies on that single server. On the one hand, because the security score value can be determined by any other terminal rather than by one environment-aware server alone, the single-point-of-failure risk is reduced; on the other hand, because communication within a P2P network is more stable and more immediate than cross-network communication, the timeliness and accuracy of security authentication of the terminal are improved.
Drawings
To illustrate the embodiments of the present application or the related-art implementations more clearly, the drawings required for describing the embodiments or the related art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present application, and those of ordinary skill in the art may derive other drawings from them.
FIG. 1 illustrates a security authentication system schematic diagram provided by some embodiments;
FIG. 2 illustrates a first security authentication process schematic provided by some embodiments;
FIG. 3 illustrates a second security authentication process schematic provided by some embodiments;
FIG. 4 illustrates a third security authentication process schematic provided by some embodiments;
FIG. 5 illustrates a fourth security authentication process schematic provided by some embodiments;
FIG. 6 illustrates a fifth security authentication process schematic provided by some embodiments;
FIG. 7 illustrates a sixth security authentication process schematic provided by some embodiments;
FIG. 8 illustrates a seventh security authentication process schematic provided by some embodiments;
FIG. 9 illustrates an eighth security authentication process schematic provided by some embodiments;
FIG. 10 illustrates a ninth security authentication process schematic provided by some embodiments;
FIG. 11 illustrates a first security authentication device schematic diagram provided by some embodiments;
FIG. 12 illustrates a second security authentication device schematic provided by some embodiments;
FIG. 13 illustrates a third security authentication device schematic diagram provided by some embodiments;
FIG. 14 illustrates a fourth security authentication device schematic diagram provided by some embodiments;
FIG. 15 illustrates a schematic structural diagram of an electronic device provided in some embodiments.
Detailed Description
In order to improve timeliness and accuracy of security authentication on a terminal, the application provides a security authentication system, a security authentication method, a security authentication device, security authentication equipment and a security authentication medium.
For the sake of clarity and to enable implementation of the present application, exemplary implementations are described clearly and completely below with reference to the accompanying drawings, in which those exemplary implementations are illustrated; obviously, the exemplary implementations described are only some, not all, of the examples of the present application.
It should be noted that the brief description of the terms in the present application is only for convenience in understanding the embodiments described below, and is not intended to limit the embodiments of the present application. Unless otherwise indicated, these terms should be construed in their ordinary and customary meaning.
The terms "first," "second," "third" and the like in the description, in the claims and in the above figures are used to distinguish between similar objects or entities and not necessarily to limit a particular order or sequence, unless otherwise indicated. It is to be understood that the terms so used are interchangeable under appropriate circumstances.
The terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a product or apparatus that comprises a list of elements is not necessarily limited to all elements explicitly listed, but may include other elements not expressly listed or inherent to such product or apparatus.
The term "module" refers to any known or later developed hardware, software, firmware, artificial intelligence, fuzzy logic, or combination of hardware or/and software code that is capable of performing the function associated with that element.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present application, not to limit it; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and such modifications and substitutions do not take the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the present application.
The foregoing description, for purposes of explanation, has been presented in conjunction with specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the embodiments to the precise forms disclosed above. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles and the practical application, to thereby enable others skilled in the art to best utilize the embodiments and various embodiments with various modifications as are suited to the particular use contemplated.
Example 1:
FIG. 1 illustrates a schematic diagram of a security authentication system provided by some embodiments. The system comprises a terminal 11, an authentication server 12, and a plurality of other terminals 13 located in the same peer-to-peer (P2P) network as the terminal 11;
the terminal 11 is configured to send a first authentication request to a target other terminal 13 in the P2P network when it receives an access request to any application installed in the terminal, the first authentication request carrying identification information of the terminal 11;
the target other terminal 13 is configured to search, according to the identification information, its stored environment information for the target environment information corresponding to the terminal 11 identified by that identification information; to determine a security score value of the terminal 11 according to whether the target environment information contains the set risk environment information; and to transmit the security score value to the terminal 11;
the terminal 11 is further configured to send a second authentication request carrying the security score value to the authentication server 12;
and the authentication server 12 is configured to perform security authentication on the environment information of the terminal 11 according to the security score value and a preset score threshold.
In one possible implementation, a user may initiate an access request to any application installed in the terminal 11 (such as a PC, a mobile terminal, etc.). In order to security-authenticate the terminal timely and accurately, on receiving the access request the terminal 11 may send an authentication request (called the first authentication request for convenience) to all or some of the other terminals (called target other terminals for convenience) among the plurality of other terminals 13 located in the same P2P network as the terminal 11. The target other terminal 13 may be any of the plurality of other terminals 13, with the understanding that it is a terminal that is currently operating normally and has not failed. The first authentication request may carry identification information of the terminal 11 so that the other terminal 13 knows which terminal needs to be security-authenticated. The identification information of the terminal 11 may be set flexibly as required and is not specifically limited in this application.
In one possible implementation, each terminal (environment-aware terminal) in the P2P network has a program installed that collects the terminal's own environment information. Each terminal in the same P2P network may transmit its own environment information to every other terminal in that network at a set frequency. Alternatively, each terminal may send its current, latest environment information to every other terminal in the same P2P network whenever it recognizes that its own environment information has changed. Each terminal thus stores the environment information of the other terminals in the same P2P network. The environment information of the terminal 11 may include, for example, vulnerability information, installed program information, file information and access traffic information of the terminal 11.
When the target other terminal 13 receives the first authentication request, it may search its stored environment information, according to the identification information of the terminal 11 carried in the request, for the environment information corresponding to the terminal 11 identified by that identification information (called the target environment information for convenience), and may determine the security score value of the terminal 11 according to whether the target environment information contains the set risk environment information.
In one possible implementation, the risk environment information may include vulnerability information, program information, file information and access traffic information. When determining the security score value of the terminal 11 according to whether the target environment information contains the set risk environment information, the target other terminal 13 may determine the score based on whether the target environment information contains target risk environment sub-information of each risk type. For example, the security score value of the terminal 11 may be determined based on whether the target environment information contains unrepaired vulnerability information, whether it contains (installed) program information that is not allowed to be installed, whether it contains virus file information, whether it contains traffic attack information, and so on.
Specifically, for the risk type of vulnerability information: if unrepaired vulnerability information exists in the target environment information, the set lowest sub-score value (such as 0) may be determined as the sub-score value corresponding to the vulnerability information (referred to as the first sub-score value for convenience of description).
Alternatively, if unrepaired vulnerability information exists in the target environment information, a target deduction corresponding to each piece of unrepaired vulnerability information may be determined from the stored correspondence between vulnerability information and deductions, and the difference between the set highest sub-score value (such as 100 points) and the total target deduction may be determined as the first sub-score value corresponding to the vulnerability information. For example, if the unrepaired vulnerabilities contained in the target environment information are vulnerability A and vulnerability B, the target deduction corresponding to vulnerability A is 10 points, the target deduction corresponding to vulnerability B is 5 points, and the set highest sub-score value is 100 points, then 100 - 10 - 5 = 85 points may be determined as the first sub-score value corresponding to the vulnerability information.
If the target environment information does not contain unrepaired vulnerability information, the set highest sub-score value may be determined as the first sub-score value corresponding to the vulnerability information.
For the risk type of program information: if program information for a program that is not allowed to be installed (but is installed) exists in the target environment information, the set lowest sub-score value (such as 0) may be determined as the sub-score value corresponding to the program information (referred to as the second sub-score value for convenience of description).
Alternatively, if such program information exists in the target environment information, the target deduction corresponding to the installed but disallowed program information may be determined from the stored correspondence between program information and deductions, and the difference between the set highest sub-score value (such as 100 points) and the target deduction may be determined as the second sub-score value corresponding to the program information. The process of determining the second sub-score value is the same as that for the first sub-score value and is not repeated here.
If no program information for a disallowed program exists in the target environment information (no such program is installed), the set highest sub-score value may be determined as the second sub-score value corresponding to the program information.
For the risk type of file information: if virus file information exists in the target environment information, the set lowest sub-score value (such as 0) may be determined as the sub-score value corresponding to the file information (referred to as the third sub-score value for convenience of description).
Alternatively, if virus file information exists in the target environment information, the target deduction corresponding to the virus file information may be determined from the stored correspondence between file information and deductions, and the difference between the set highest sub-score value (such as 100 points) and the target deduction may be determined as the third sub-score value corresponding to the file information. The process of determining the third sub-score value is the same as that for the first sub-score value and is not repeated here.
If no virus file information exists in the target environment information, the set highest sub-score value may be determined as the third sub-score value corresponding to the file information.
For the risk type of access traffic information: if traffic attack information exists in the target environment information, the set lowest sub-score value (such as 0) may be determined as the sub-score value corresponding to the access traffic information (referred to as the fourth sub-score value for convenience of description).
Alternatively, if traffic attack information exists in the target environment information, the target deduction corresponding to the traffic attack information may be determined from the stored correspondence between attack information (such as attack frequency) and deductions, and the difference between the set highest sub-score value (such as 100 points) and the target deduction may be determined as the fourth sub-score value corresponding to the access traffic information. The process of determining the fourth sub-score value is the same as that for the first sub-score value and is not repeated here.
If no traffic attack information exists in the target environment information, the set highest sub-score value may be determined as the fourth sub-score value corresponding to the access traffic information.
In a possible implementation, after the sub-score values (the first, second, third and fourth sub-score values) corresponding to the target risk environment sub-information of each risk type have been determined, the security score value of the terminal 11 may be determined from those sub-score values and their corresponding preset weight coefficients. For each risk type, the product of the sub-score value and the corresponding preset weight coefficient is determined first, and the sum of these products over all risk types is then determined as the security score value of the terminal 11. For example, if the weight coefficients corresponding to the risk types of vulnerability information, program information, file information and access traffic information are denoted the first, second, third and fourth weight coefficients respectively, the security score value of the terminal 11 may be: first sub-score value × first weight coefficient + second sub-score value × second weight coefficient + third sub-score value × third weight coefficient + fourth sub-score value × fourth weight coefficient. Each weight coefficient may be set flexibly as required, and the present application does not particularly limit them.
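The peer-side scoring described above, carried through as an added example (this is not code from the patent; the deduction tables, the weight coefficients, the terminal identifiers and the sample environment record are assumptions). It implements both variants the text allows for each risk type, the "any finding gives the lowest sub-score" variant and the "highest sub-score minus deductions" variant, and reproduces the worked case of vulnerabilities A and B giving a first sub-score of 85. Two small additions the text does not state are labelled in the comments: unknown findings count as a full deduction, and a sub-score is clamped so it cannot go below the lowest sub-score value.

```python
# Peer-side security scoring for a first authentication request, as described in
# the text above. Added example, not code from the patent: the deduction tables,
# weights, terminal identifiers and environment records are assumptions.
from dataclasses import dataclass, field

HIGHEST_SUB_SCORE = 100  # "set highest sub-score value"
LOWEST_SUB_SCORE = 0     # "set lowest sub-score value"
RISK_TYPES = ("vulnerability", "program", "file", "access_traffic")

# Assumed stored correspondences between risk items and deductions, one per risk type.
DEDUCTIONS = {
    "vulnerability": {"vulnerability-A": 10, "vulnerability-B": 5},
    "program": {"remote-control-tool": 40},
    "file": {"trojan.exe": 100},
    "access_traffic": {"port-scan": 20, "brute-force": 50},
}


@dataclass
class EnvironmentInfo:
    """Environment information a peer stores for one terminal (constructed sample)."""
    terminal_id: str
    unrepaired_vulns: list = field(default_factory=list)
    disallowed_programs: list = field(default_factory=list)
    virus_files: list = field(default_factory=list)
    traffic_attacks: list = field(default_factory=list)

    def findings(self, risk_type):
        return {
            "vulnerability": self.unrepaired_vulns,
            "program": self.disallowed_programs,
            "file": self.virus_files,
            "access_traffic": self.traffic_attacks,
        }[risk_type]


def sub_score(items, table, strict=False):
    """Sub-score for one risk type.

    No findings -> highest sub-score.  strict=True is the first variant in the text
    (any finding -> lowest sub-score); strict=False is the second variant (highest
    sub-score minus the summed deductions).  Two additions not in the text: a finding
    absent from the table is treated as a full deduction, and the result is clamped
    at the lowest sub-score so over-deduction cannot produce a negative score.
    """
    if not items:
        return HIGHEST_SUB_SCORE
    if strict:
        return LOWEST_SUB_SCORE
    deduction = sum(table.get(item, HIGHEST_SUB_SCORE) for item in items)
    return max(LOWEST_SUB_SCORE, HIGHEST_SUB_SCORE - deduction)


def security_score(env, weights, strict=False):
    """Weighted sum of the four sub-scores; returns (score, per-type sub-scores)."""
    # Assumption: weights sum to 1 so the score stays on the same 0..100 scale as
    # the thresholds the authentication server compares it against.
    if abs(sum(weights[t] for t in RISK_TYPES) - 1.0) > 1e-9:
        raise ValueError("weight coefficients must sum to 1")
    subs = {t: sub_score(env.findings(t), DEDUCTIONS[t], strict) for t in RISK_TYPES}
    return sum(subs[t] * weights[t] for t in RISK_TYPES), subs


def handle_first_authentication_request(store, request, weights, strict=False):
    """Target other terminal: look up the target environment information by the
    terminal identifier in the request and answer with the security score value.
    Assumption: a terminal with no stored environment information gets no score."""
    env = store.get(request["terminal_id"])
    if env is None:
        return None
    score, _ = security_score(env, weights, strict)
    return {"terminal_id": env.terminal_id, "security_score": score}


# Constructed sample: the worked case from the text (vulnerability A and B unrepaired,
# everything else clean) with assumed weights 0.4 / 0.2 / 0.2 / 0.2.
WEIGHTS = {"vulnerability": 0.4, "program": 0.2, "file": 0.2, "access_traffic": 0.2}
PEER_STORE = {
    "terminal-11": EnvironmentInfo("terminal-11",
                                   unrepaired_vulns=["vulnerability-A", "vulnerability-B"]),
}

if __name__ == "__main__":
    reply = handle_first_authentication_request(PEER_STORE, {"terminal_id": "terminal-11"}, WEIGHTS)
    print(reply)  # first sub-score 85, weighted score 0.4*85 + 3*0.2*100 = 94.0
```

With the assumed weights the worked case yields 0.4 × 85 + 0.2 × 100 + 0.2 × 100 + 0.2 × 100 = 94; under the strict variant the vulnerability sub-score drops to 0 and the total to 60. Keeping the weights normalised is what makes a single preset threshold on the server meaningful across terminals.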
After the target other terminal 13 determines the security score value of the terminal 11, the determined security score value may be transmitted to the terminal 11. After receiving the security score value transmitted from the target other terminal 13, the terminal 11 may transmit an authentication request (referred to as a second authentication request for convenience of description) carrying the security score value to the authentication server 12.
After receiving the second authentication request, the authentication server 12 may perform security authentication on the environment information of the terminal 11 according to the security score value carried in the second authentication request and a preset score threshold. For example, if there are several target other terminals 13, the terminal 11 may send the security score values assigned to it by each of the target other terminals 13 to the authentication server 12. The authentication server 12 may first determine the minimum, maximum, average or sum (or a similar statistic) of those security score values and then determine whether that value is greater than the corresponding preset score threshold. If so, the environment information of the terminal 11 may be considered secure and the security authentication result is secure; if the value is not greater than the corresponding preset score threshold, the environment information of the terminal 11 may be considered unsafe and the security authentication result is unsafe.
In one possible implementation, if the security authentication result of the authentication server 12 for the environment information of the terminal 11 is secure, the authentication server 12 may further search its stored security identity information, according to the identity information of the user carried in the second authentication request (such as the user name and password entered by the user when accessing the application) and the identification information of the terminal 11, for the security identity information corresponding to the terminal 11 of that identification information (referred to as target security identity information for convenience of description), and then perform security authentication on the identity information of the terminal 11 by determining whether the identity information of the user carried in the second authentication request is consistent with the target security identity information. For example, when the identity information of the user carried in the second authentication request is consistent with the target security identity information, the identity information is considered secure, the security authentication result of the identity information is secure, and the user may be allowed to access the application corresponding to the access request. When the identity information of the user carried in the second authentication request is inconsistent with the target security identity information, the identity information is considered unsafe, the security authentication result of the identity information is unsafe, and the user is not allowed to access the application corresponding to the access request.
The identity information of the user carried in the second authentication request may be information such as the user name and password entered by the user when accessing the application. When the user name, password and similar information carried in the second authentication request are all consistent with the corresponding items in the target security identity information, the identity information is considered secure and the user may be allowed to access the application corresponding to the access request. When any item of the user name, password and similar information carried in the second authentication request is inconsistent with the corresponding item in the target security identity information, the identity information is considered unsafe and the user is not allowed to access the application corresponding to the access request.
For ease of understanding, the security authentication process provided in the present application is described below by way of one specific embodiment. Fig. 2 illustrates a first security authentication process schematic provided by some embodiments, as shown in fig. 2, including the steps of:
S201: Upon receiving an access request to any one of the applications installed in the terminal 11 itself, the terminal 11 transmits a first authentication request to a target other terminal 13 located in the same P2P network as the terminal 11 itself, where the first authentication request carries identification information of the terminal 11 itself.
S202: the target other terminal 13 searches the stored environment information for the target environment information corresponding to the terminal 11 of the identification information according to the identification information carried in the first authentication request; determining a security score value of the terminal 11 according to whether the target environment information contains the set risk environment information; and transmits the security score value to the terminal 11 corresponding to the identification information.
S203: the terminal 11 sends a second authentication request carrying the security score value to the authentication server 12.
S204: the authentication server 12 performs security authentication on the environmental information of the terminal 11 according to the security score value and a preset score threshold value; if the security authentication result of the environment information of the terminal 11 is secure, S205 is performed.
S205: The authentication server 12 searches its stored security identity information, according to the identity information of the user and the identification information of the terminal 11 carried in the second authentication request, for the target security identity information corresponding to the terminal 11 of that identification information; and performs security authentication on the identity information of the terminal 11 according to whether the identity information carried in the second authentication request is consistent with the target security identity information.
In one possible implementation, in order to perform security authentication on the terminal accurately and in time, after the terminal 11 receives the security score values sent by the target other terminals 13, it may first determine whether each received security score value is higher than a set lowest score threshold. If every received security score value is higher than the set lowest score threshold, the step of sending a second authentication request carrying the security score values to the authentication server 12 may be performed. If any security score value is not higher than the set lowest score threshold, the subsequent step of sending the second authentication request to the authentication server 12 is not performed; the environment information of the terminal 11 may be directly considered unsafe, and a preset prompt message may be output to prompt an administrator or user to check the terminal 11.
For ease of understanding, the security authentication process provided in the present application is described below by way of one specific embodiment. Fig. 3 illustrates a second security authentication process schematic provided by some embodiments, as shown in fig. 3, including the steps of:
S301: Upon receiving an access request to any one of the applications installed in the terminal 11 itself, the terminal 11 transmits a first authentication request to a target other terminal 13 located in the same P2P network as the terminal 11 itself, where the first authentication request carries identification information of the terminal 11 itself.
S302: the target other terminal 13 searches the stored environment information for the target environment information corresponding to the terminal 11 of the identification information according to the identification information carried in the first authentication request; determining a security score value of the terminal 11 according to whether the target environment information contains the set risk environment information; and transmits the security score value to the terminal 11 corresponding to the identification information.
S303: the terminal 11 judges whether the received security score value is higher than the set lowest score threshold, if not, S304 is performed; if yes, S305 is performed.
S304: and outputting preset unsafe prompting information of the environmental information.
S305: the terminal 11 sends a second authentication request carrying the security score value to the authentication server 12.
S306: the authentication server 12 performs security authentication on the environmental information of the terminal 11 according to the security score value and a preset score threshold value; if the security authentication result of the environment information of the terminal 11 is secure, S307 is performed.
S307: The authentication server 12 searches its stored security identity information, according to the identity information of the user and the identification information of the terminal 11 carried in the second authentication request, for the target security identity information corresponding to the terminal 11 of that identification information; and performs security authentication on the identity information of the terminal 11 according to whether the identity information carried in the second authentication request is consistent with the target security identity information.
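The terminal-side pre-check (S303/S304) and the authentication server's two checks (S306/S307) from the flow above, as an added example (not the patent's code). The threshold values, the aggregation modes offered, the layout of the stored security identity information, and the use of salted password hashes with a constant-time comparison are assumptions; the text only says the user name and password are compared for consistency.

```python
# Terminal-side pre-check (S303/S304) and authentication-server-side checks (S306/S307)
# for the flow above. Added example, not the patent's code: the threshold values, the
# aggregation modes, the credential store layout and the use of salted password hashes
# with a constant-time comparison are assumptions.
import hashlib
import hmac
import os
from statistics import mean

MIN_SCORE_THRESHOLD = 50      # terminal's "set lowest score threshold" (assumed value)
SERVER_SCORE_THRESHOLD = 80   # authentication server's "preset score threshold" (assumed value)


def terminal_precheck(scores, lowest_threshold=MIN_SCORE_THRESHOLD):
    """S303: every security score value received from the target other terminals
    must exceed the lowest threshold; otherwise the terminal outputs the 'environment
    information unsafe' prompt (S304) instead of sending the second authentication
    request. Assumption: if no peer answered at all, do not proceed either."""
    return bool(scores) and all(s > lowest_threshold for s in scores)


AGGREGATORS = {"min": min, "max": max, "average": mean, "sum": sum}


def environment_is_secure(scores, mode="min", threshold=SERVER_SCORE_THRESHOLD):
    """S306: aggregate the scores from several target other terminals (minimum,
    maximum, average or sum, as the text allows) and compare with the threshold.
    'min' is the strictest choice: one bad peer verdict is enough to refuse."""
    if not scores:
        return False
    return AGGREGATORS[mode](scores) > threshold


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_identity_store(records):
    """Stored 'security identity information', keyed by (terminal id, user name).
    The text compares user name and password directly; here only a salted hash is
    stored (assumption)."""
    store = {}
    for terminal_id, username, password in records:
        salt = os.urandom(16)
        store[(terminal_id, username)] = (salt, _hash_password(password, salt))
    return store


def identity_is_secure(store, terminal_id, username, password):
    """S307: look up the target security identity information by terminal id and
    user identity, then check consistency. Constant-time comparison avoids leaking
    how many bytes matched (hardening not stated in the text)."""
    entry = store.get((terminal_id, username))
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(_hash_password(password, salt), expected)


def authenticate(store, second_request, mode="min"):
    """Server side of the second authentication request: environment first (S306),
    identity only if the environment was judged secure (S307)."""
    if not environment_is_secure(second_request["security_scores"], mode):
        return "environment_unsafe"
    if not identity_is_secure(store, second_request["terminal_id"],
                              second_request["username"], second_request["password"]):
        return "identity_unsafe"
    return "allow"


def terminal_flow(store, terminal_id, username, password, peer_scores, mode="min"):
    """Terminal 11's side after S302: pre-check, then (if it passes) build and submit
    the second authentication request. Returns the outcome as a string."""
    if not terminal_precheck(peer_scores):
        return "prompt_environment_unsafe"          # S304, nothing sent to the server
    request = {"terminal_id": terminal_id, "username": username,
               "password": password, "security_scores": list(peer_scores)}
    return authenticate(store, request, mode)     # S305 -> S306/S307


if __name__ == "__main__":
    # Constructed sample credentials and peer verdicts.
    identity_store = make_identity_store([("terminal-11", "alice", "correct horse battery")])
    print(terminal_flow(identity_store, "terminal-11", "alice", "correct horse battery", [94.0, 90.0]))  # allow
    print(terminal_flow(identity_store, "terminal-11", "alice", "correct horse battery", [94.0, 40.0]))  # prompt_environment_unsafe
```

Note that in the described flow the security score values reach the authentication server by way of the terminal being scored (S302, then S305). The text does not describe any integrity protection of the scores on that hop, so a deployment would want the target other terminals to sign their scores, or the authentication server to obtain them from the peers directly; the example above deliberately does not add such a mechanism because the page does not specify one.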
In the related art, when the environment information of a certain terminal (environment-aware terminal) carries a risk (is unsafe), the risk may spread rapidly to other terminals in the network, for example by intranet scanning (lateral movement), and thereby further threaten the security of the whole network. In the present application, when one terminal in the P2P network carries a risk, the other terminals can sense it quickly and may, for example, set the security score value of the risky terminal to the lowest score value (the lowest score threshold), which prevents the lateral movement of the risk and to some extent ensures the security of the whole network.
For ease of understanding, the security authentication process provided in the present application will be described in the following by way of a specific embodiment. Fig. 4 illustrates a third security authentication process schematic provided by some embodiments, as shown in fig. 4, the process including:
the terminal 11 (environment-aware terminal) receives an access request to any application installed in the terminal 11 itself, and the terminal 11 sends a first authentication request to a target other terminal (e.g., the target other terminal 131 and the target other terminal 132) located in the same P2P network as the terminal 11 itself, requesting the target other terminal (the target other terminal 131 and the target other terminal 132) to authenticate whether or not the environment information of the terminal 11 itself is secure. Wherein the first authentication request carries identification information of the terminal 11 itself.
The target other terminals (the target other terminal 131 and the target other terminal 132) search the stored environment information for the target environment information corresponding to the terminal 11 of the identification information according to the identification information carried in the first authentication request; determining a security score value (signature information) of the terminal 11 according to whether the set risk environment information is included in the target environment information; and transmits the security score value to the terminal 11.
The terminal 11 transmits a second authentication request carrying the identity information of the user, the identification information of the terminal 11, and the security score value to the authentication server 12.
The authentication server 12 performs security authentication on the environmental information of the terminal 11 according to the security score value and a preset score threshold value; if the security authentication result of the environmental information of the terminal 11 is security, the authentication server 12 searches the target security identity information corresponding to the terminal 11 of the identification information from the stored security identity information according to the identity information of the user and the identification information of the terminal 11 carried in the second authentication request; and carrying out security authentication on the identity information of the terminal 11 (environment-aware terminal) according to whether the identity information carried in the second authentication request is consistent with the target security identity information.
Since the method and device of the present application can determine the security score value of a terminal from the environment information of that terminal stored on any other terminal (target other terminal) located in the same P2P network, and can then perform security authentication on the environment information of the terminal based on that security score value, and since communication within a P2P network is more stable and has better real-time performance than communication across networks, the method and device of the present application can improve both the timeliness and the accuracy of the security authentication of the terminal.
In addition, in the related art a terminal (environment-aware terminal) has to send its environment information to the environment-aware server across the network; as the number of terminals grows, so does the volume of environment information, and if the environment information of every terminal has to reach the environment-aware server in time, resources such as network bandwidth have to be scaled out continuously. In the present application the environment information of a terminal is sent over the P2P network to the other terminals in the same P2P network; a P2P network is generally built inside the intranet, so even if the number of terminals (environment-aware terminals) joining the same P2P network keeps growing, there is no need to scale out resources such as network bandwidth.
In addition, in the related art the environment information that a terminal (environment-aware terminal) sends across the network to the environment-aware server generally cannot include the terminal's access traffic information, whereas in the present application the environment information of a terminal stored by the other terminals in the same P2P network generally does include the terminal's access traffic information. Those other terminals can therefore determine the security score value of the terminal's environment information more accurately on the basis of the access traffic information, which further improves the accuracy of the security authentication of the environment information of the terminal.
In addition, in the related art, several devices such as the terminal, the environment-aware server and the authentication server have to interwork in real time across networks to perform security authentication on the environment information of the terminal; the security authentication process is complex, and places very high demands on the stability and real-time performance of every device and of the network. In the present application, the security authentication of the environment information of the terminal can be completed by the terminals in the P2P network and the authentication server alone, without linkage to the environment-aware server; the authentication flow is simple, and its stability and real-time performance are guaranteed.
In one possible implementation, the system provided by the embodiments of the present application may further include an environment-aware server. When the terminal 11 needs to join a certain P2P network, it may send a join request for that P2P network (referred to as a first join request for convenience of description) to the environment-aware server. For example, the first join request may carry authentication information of the terminal 11, which may include the operating system version, network address and similar information of the terminal 11.
The environment-aware server may receive the first join request sent by the terminal 11 and determine whether the authentication information carried in it is the set compliant authentication information. For example, when the operating system version of the terminal 11 is a set compliant version and the network address of the terminal 11 is a set compliant address, the authentication information carried in the first join request may be considered (determined) to be the set compliant authentication information. When the operating system version of the terminal 11 is not a set compliant version, or the network address of the terminal 11 is not a set compliant address, the authentication information carried in the first join request may be considered (determined) not to be the set compliant authentication information.
In one possible implementation, when the authentication information carried in the first join request is determined to be the set compliant authentication information, the P2P network to which the network address in the authentication information (referred to as the target network address for convenience of description) belongs (referred to as the target P2P network) may be looked up among the network addresses corresponding to the stored P2P networks, and the network identification information of the target P2P network, the identification information of the terminals that have already joined the target P2P network (existing terminal identification information) and join verification information may then be sent to the terminal 11. At the same time, the join verification information may also be sent to the existing terminals that have already joined the target P2P network. The network identification information, terminal identification information and join verification information may be set flexibly as required and are not particularly limited in the present application; for example, the join verification information may carry an encrypted random string or the like.
After receiving the network identification information, the existing terminal identification information for the target P2P network and the join verification information from the environment-aware server, the terminal 11 may send a join request (referred to as a second join request for convenience of description) to the existing terminals corresponding to some or all of the existing terminal identification information (referred to as target existing terminal identification information, and the corresponding terminals as target existing terminals) in the target P2P network identified by the network identification information. Optionally, the second join request may carry the join verification information received from the environment-aware server.
A target existing terminal may receive the second join request sent by the terminal 11 and verify whether the terminal 11 is allowed to join the target P2P network. Specifically, it may determine whether the join verification information carried in the second join request is consistent with the join verification information it received from the environment-aware server; if so, the verification result is that the terminal 11 is allowed to join the target P2P network, and if not, the verification result is that the terminal 11 is not allowed to join the target P2P network.
In one possible implementation, if the verification result is that the terminal 11 is allowed to join the target P2P network, the target existing terminal may send join permission information to the terminal 11. The terminal 11 may join the target P2P network on receiving join permission information from any one of the target existing terminals.
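The join procedure described in the paragraphs above (first join request to the environment-aware server, join verification information fanned out to the existing terminals, second join request verified by a target existing terminal, join on the first permission), as an added example with all three parties in one place. This is not the patent's code: the compliant OS versions, the address range of the sample P2P network, the terminal identifiers, the token format standing in for the "encrypted random string", and the single-use, constant-time handling of the join verification information are all assumptions.

```python
# The join procedure described above. Added example, not the patent's code: the
# compliant OS versions, the address ranges, the terminal identifiers, the token
# format and the single-use/constant-time handling of the join verification
# information are assumptions.
import hmac
import ipaddress
import secrets

COMPLIANT_OS_VERSIONS = {"Windows 10 22H2", "Ubuntu 22.04"}   # "set compliant version"


class EnvironmentAwareServer:
    def __init__(self, networks, compliant_os):
        # networks: network identification -> (address range of that P2P network,
        # identifiers of the terminals that have already joined it)
        self.networks = networks
        self.compliant_os = compliant_os

    def _target_network(self, address):
        for net_id, (addr_range, members) in self.networks.items():
            if address in addr_range:
                return net_id, members
        return None

    def is_compliant(self, auth_info):
        """Compliant when the OS version is a set compliant version AND the network
        address is a set compliant address (here: inside a stored P2P network's range)."""
        try:
            address = ipaddress.ip_address(auth_info["network_address"])
        except (KeyError, ValueError):
            return False
        return auth_info.get("os_version") in self.compliant_os and self._target_network(address) is not None

    def handle_first_join_request(self, request):
        """Returns (reply to the joining terminal, {existing terminal -> join
        verification information}) or None when the request is refused."""
        auth_info = request["authentication_info"]
        if not self.is_compliant(auth_info):
            return None
        net_id, members = self._target_network(ipaddress.ip_address(auth_info["network_address"]))
        # The text says the join verification information may carry an encrypted
        # random string; a fresh CSPRNG token stands in for it here (the hop to the
        # terminals is assumed to be encrypted in transit).
        token = secrets.token_hex(16)
        reply = {"network_id": net_id, "existing_terminals": sorted(members), "join_verification": token}
        return reply, {member: token for member in members}


class ExistingTerminal:
    def __init__(self, terminal_id):
        self.terminal_id = terminal_id
        self.expected = None          # join verification information from the server

    def receive_join_verification(self, token):
        self.expected = token

    def handle_second_join_request(self, request):
        """Allow the join only if the carried join verification information is
        consistent with what the server sent (constant-time compare, single use)."""
        if self.expected is None:
            return False
        ok = hmac.compare_digest(request.get("join_verification", ""), self.expected)
        if ok:
            self.expected = None      # assumption: each token admits one terminal
        return ok


def join_p2p_network(server, existing, terminal_id, auth_info):
    """Terminal 11's side: first join request, then second join requests to the
    target existing terminals; joins on the first join permission received.
    Returns the joined network identification, or None."""
    result = server.handle_first_join_request({"terminal_id": terminal_id, "authentication_info": auth_info})
    if result is None:
        return None
    reply, notices = result
    for member, token in notices.items():          # server -> existing terminals
        existing[member].receive_join_verification(token)
    second_request = {"terminal_id": terminal_id, "join_verification": reply["join_verification"]}
    for member in reply["existing_terminals"]:
        if existing[member].handle_second_join_request(second_request):
            return reply["network_id"]
    return None


def build_sample():
    """Constructed sample topology: one P2P network on 10.1.0.0/16 with two members."""
    existing = {"terminal-131": ExistingTerminal("terminal-131"), "terminal-132": ExistingTerminal("terminal-132")}
    server = EnvironmentAwareServer({"p2p-net-A": (ipaddress.ip_network("10.1.0.0/16"), set(existing))},
                                    COMPLIANT_OS_VERSIONS)
    return server, existing


if __name__ == "__main__":
    server, existing = build_sample()
    print(join_p2p_network(server, existing, "terminal-11",
                           {"os_version": "Ubuntu 22.04", "network_address": "10.1.5.7"}))  # p2p-net-A
```

The consistency check the text describes is a comparison of the join verification information each side received from the server; because any existing terminal that holds the value can admit a terminal, the example treats the value as a one-time secret and discards it after use, which keeps a captured token from being replayed against another member.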
For ease of understanding, the security authentication process provided in the present application is described below by way of one specific embodiment. Fig. 5 illustrates a fourth security authentication process schematic provided by some embodiments, as shown in fig. 5, including the steps of:
S501: the terminal 11 sends a first joining request for joining the P2P network to the environment-aware server; wherein the first joining request carries authentication information of the terminal 11.
S502: The environment-aware server receives the first join request sent by the terminal 11 and determines whether the authentication information is the set compliant authentication information; if so, it looks up, among the network addresses corresponding to the stored P2P networks, the target P2P network to which the target network address in the authentication information belongs, sends the network identification information of the target P2P network, the existing terminal identification information of the terminals that have joined the target P2P network and the join verification information to the terminal 11, and sends the join verification information to the existing terminals that have joined the target P2P network.
S503: The terminal 11 receives the network identification information of the target P2P network, the existing terminal identification information of the terminals that have joined the target P2P network and the join verification information sent by the environment-aware server, and sends a second join request to the target existing terminals corresponding to the target existing terminal identification information in the target P2P network identified by the network identification information.
S504: The target existing terminal verifies whether the terminal 11 is allowed to join the target P2P network according to whether the join verification information carried in the second join request is consistent with the join verification information received from the environment-aware server, and if the verification result is that the terminal 11 is allowed to join the target P2P network, sends join permission information to the terminal 11.
S505: If the terminal 11 receives join permission information sent by any target existing terminal, it joins the target P2P network.
S506: the terminal 11 transmits its own environment information to a plurality of other terminals 13 located in the same P2P network as the terminal 11.
S507: upon receiving an access request to any one of applications installed in the terminal 11 itself, the terminal 11 transmits a first authentication request to a target other terminal 13 located in the same P2P network as the terminal 11 itself, where the first authentication request carries identification information of the terminal 11 itself.
S508: the target other terminal 13 searches the stored environment information for the target environment information corresponding to the terminal 11 of the identification information according to the identification information carried in the first authentication request; determining a security score value of the terminal 11 according to whether the target environment information contains the set risk environment information; and transmits the security score value to the terminal 11 corresponding to the identification information.
S509: the terminal 11 determines whether the received security score value is higher than a set lowest score threshold, and if not, proceeds to S510; if yes, S511 is performed.
S510: and outputting preset unsafe prompting information of the environmental information.
S511: the terminal 11 sends a second authentication request carrying the security score value to the authentication server 12.
S512: the authentication server 12 performs security authentication on the environmental information of the terminal 11 according to the security score value and a preset score threshold value; if the security authentication result of the environment information of the terminal 11 is secure, S513 is performed.
S513: the authentication server 12 searches the target security identity information corresponding to the terminal 11 of the identification information according to the identity information of the user, the identification information of the terminal 11 and the stored security identity information carried in the second authentication request; and carrying out security authentication on the identity information of the terminal 11 according to whether the identity information carried in the second authentication request is consistent with the target security identity information.
For ease of understanding, the security authentication process provided in the present application is described below by way of a specific embodiment. Fig. 6 is a schematic diagram of a fifth security authentication process provided by some embodiments; as shown in Fig. 6, the process includes:
The terminal 11 (environment-aware terminal) sends a first joining request (online request) for joining the P2P network to the environment-aware server; the first joining request carries the authentication information of the terminal 11.
The environment-aware server receives the first joining request sent by the terminal 11 and determines whether the authentication information is the set compliance authentication information; if so, it searches the stored network addresses corresponding to P2P networks, according to the target network address in the authentication information, for the target P2P network to which the target network address belongs, and sends the network identification information of the target P2P network, the identification information of the existing terminals that have joined the target P2P network, and the joining verification information to the terminal 11; it also transmits the joining verification information to the existing terminals that have joined the target P2P network (e.g., the target other terminal 131 and the target other terminal 132).
The terminal 11 receives the network identification information of the target P2P network, the identification information of the existing terminals that have joined the target P2P network (e.g., the target other terminal 131 and the target other terminal 132), and the joining verification information sent by the environment-aware server, and sends a second joining request to the target existing terminals (e.g., the target other terminal 131 and the target other terminal 132) corresponding to the target existing terminal identification information in the target P2P network corresponding to the network identification information.
The target existing terminal (e.g., the target other terminal 131 or the target other terminal 132) verifies whether the terminal 11 is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server; if the verification result is that the terminal 11 is allowed to join the target P2P network, it sends joining permission information to the terminal 11. If the terminal 11 (environment-aware terminal) receives joining permission information from any target existing terminal, it joins the target P2P network. The terminal 11 (environment-aware terminal) then transmits its own environment information to the plurality of other terminals (e.g., the target other terminal 131 and the target other terminal 132) located in the same P2P network as the terminal 11. Each terminal in the same P2P network transmits its own environment information to every other terminal in that network.
In the embodiment of the present application, the terminal interacts with the environment-aware server only once, when requesting to join the P2P network; it does not need to interact with the environment-aware server when performing security authentication on the environment information.
Example 2:
Based on the same technical concept, the present application provides a security authentication method applied to a terminal (for convenience of description, referred to as a first terminal). Fig. 7 is a schematic diagram of a sixth security authentication process provided by some embodiments; as shown in Fig. 7, the process includes:
S701: When an access request for any application installed in the terminal is received, sending a first authentication request to a target other terminal among the plurality of other terminals located in the same peer-to-peer (P2P) network as the terminal, where the first authentication request carries the identification information of the terminal.
S702: Receiving the security score value sent by the target other terminal; the security score value is obtained by the target other terminal by searching the stored environment information, according to the identification information, for the target environment information corresponding to the terminal identified by that information, and determining the security score value of the terminal according to whether the target environment information contains the set risk environment information.
S703: Sending a second authentication request carrying the security score value to an authentication server, so that the authentication server performs security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In a possible implementation manner, after receiving the security score value sent by the target other terminal and before sending the second authentication request carrying the security score value to the authentication server, the method further includes:
determining whether the received security score value is higher than the set lowest score threshold, and if so, performing the subsequent step of sending the second authentication request carrying the security score value to the authentication server.
In a possible implementation manner, before sending the first authentication request to the target other terminal among the plurality of other terminals located in the same peer-to-peer (P2P) network as the terminal, the method further includes:
sending a first joining request for joining the P2P network to the environment-aware server, where the first joining request carries the authentication information of the terminal;
receiving the network identification information of a target P2P network, the identification information of the existing terminals that have joined the target P2P network, and the joining verification information sent by the environment-aware server; the network identification information of the target P2P network, the existing terminal identification information and the joining verification information are sent when the environment-aware server determines that the authentication information is the set compliance authentication information and finds, in the stored network addresses corresponding to P2P networks and according to the target network address in the authentication information, the target P2P network to which the target network address belongs;
sending a second joining request to the target existing terminal corresponding to the target existing terminal identification information in the target P2P network corresponding to the network identification information, so that the target existing terminal verifies whether the terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server.
In one possible embodiment, the method further comprises:
if joining permission information sent by any target existing terminal is received, joining the target P2P network.
In one possible embodiment, the method further comprises:
sending the terminal's own environment information to each other terminal located in the same peer-to-peer (P2P) network as the terminal.
Example 3:
Based on the same technical concept, the present application provides a security authentication method applied to a terminal (for convenience of description, referred to as a second terminal). Fig. 8 is a schematic diagram of a seventh security authentication process provided by some embodiments; as shown in Fig. 8, the process includes:
S801: Receiving a first authentication request, where the first authentication request is sent by a first terminal located in the same peer-to-peer (P2P) network as the second terminal when the first terminal receives an access request for any application installed in it, and carries the identification information of the first terminal.
S802: Searching the stored environment information, according to the identification information, for the target environment information corresponding to the terminal identified by that information; determining a security score value of the first terminal according to whether the target environment information contains the set risk environment information; and sending the security score value to the first terminal, so that the first terminal sends a second authentication request carrying the security score value to an authentication server and the authentication server performs security authentication on the environment information of the first terminal according to the security score value and a preset score threshold.
In one possible embodiment, the method further comprises:
receiving a second joining request, where the second joining request is sent by the first terminal when it receives the network identification information of a target P2P network, the identification information of the existing terminals that have joined the target P2P network, and the joining verification information sent by the environment-aware server; the network identification information of the target P2P network, the existing terminal identification information and the joining verification information are sent when the environment-aware server receives the first joining request for joining the P2P network sent by the first terminal, determines that the authentication information of the terminal carried in the first joining request is the set compliance authentication information, and finds, in the stored network addresses corresponding to P2P networks and according to the target network address in the authentication information, the target P2P network to which the target network address belongs;
verifying whether the first terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server.
In one possible embodiment, the method further comprises:
if the verification result is that the first terminal is allowed to join the target P2P network, sending joining permission information to the first terminal.
In a possible implementation manner, determining the security score value of the first terminal according to whether the target environment information contains the set risk environment information includes:
for the information of each risk type contained in the risk environment information, determining whether target risk environment sub-information of that risk type exists in the target environment information; if not, taking the set highest sub-score value as the sub-score value corresponding to the target risk environment sub-information of that risk type; if target risk environment sub-information of that risk type exists in the target environment information, taking the set lowest sub-score value as the sub-score value corresponding to the target risk environment sub-information of that risk type, or, alternatively, determining a target deduction value corresponding to the target risk environment sub-information of that risk type based on the stored correspondence between risk environment sub-information of that risk type and deduction values, and determining the sub-score value corresponding to the target risk environment sub-information of that risk type based on the set highest sub-score value and the target deduction value;
and determining the security score value of the terminal according to the sub-score value corresponding to the target risk environment sub-information of each risk type and the corresponding preset weight coefficient.
Example 4:
Based on the same technical concept, the present application provides a security authentication method applied to a server (for convenience of description, referred to as an authentication server). Fig. 9 is a schematic diagram of an eighth security authentication process provided by some embodiments; as shown in Fig. 9, the process includes:
S901: Receiving a second authentication request carrying a security score value sent by a terminal; the second authentication request is sent by the terminal when it receives the security score value sent by a target other terminal among the plurality of other terminals located in the same peer-to-peer (P2P) network as the terminal; the security score value is obtained as follows: when the terminal receives an access request for any application installed in it, it sends a first authentication request to the target other terminal, and the target other terminal searches the stored environment information, according to the identification information of the terminal carried in the first authentication request, for the target environment information corresponding to the terminal identified by that information, and determines the security score value of the terminal according to whether the target environment information contains the set risk environment information.
S902: Performing security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In one possible embodiment, the method further comprises:
if the security authentication result for the environment information of the terminal is secure, searching the stored security identity information, according to the user identity information and the identification information of the terminal carried in the second authentication request, for the target security identity information corresponding to the terminal identified by that information; and performing security authentication on the identity information of the terminal according to whether the identity information is consistent with the target security identity information.
Example 5:
Based on the same technical concept, the present application provides a security authentication method applied to a server (for convenience of description, referred to as an environment-aware server). Fig. 10 is a schematic diagram of a ninth security authentication process provided by some embodiments; as shown in Fig. 10, the process includes:
S1001: Receiving a first joining request for joining a peer-to-peer (P2P) network sent by a terminal; the first joining request carries the authentication information of the terminal.
S1002: Determining whether the authentication information is the set compliance authentication information; if so, searching the stored network addresses corresponding to P2P networks, according to the target network address in the authentication information, for the target P2P network to which the target network address belongs, and sending the network identification information of the target P2P network, the identification information of the existing terminals that have joined the target P2P network, and the joining verification information to the terminal; and transmitting the joining verification information to the existing terminals that have joined the target P2P network, so that the terminal, on receiving the network identification information, the existing terminal identification information and the joining verification information, sends a second joining request to the target existing terminal corresponding to the target existing terminal identification information in the target P2P network corresponding to the network identification information, and the target existing terminal verifies whether the terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server.
Example 6:
Based on the same technical concept, the present application provides a security authentication device applied to a first terminal. Fig. 11 is a schematic diagram of a first security authentication device provided by some embodiments; as shown in Fig. 11, the device includes:
a first sending module 111, configured to send, when an access request for any application installed in the terminal is received, a first authentication request to a target other terminal among the plurality of other terminals located in the same peer-to-peer (P2P) network as the terminal, where the first authentication request carries the identification information of the terminal;
a first receiving module 112, configured to receive the security score value sent by the target other terminal; the security score value is obtained by the target other terminal by searching the stored environment information, according to the identification information, for the target environment information corresponding to the terminal identified by that information, and determining the security score value of the terminal according to whether the target environment information contains the set risk environment information; and
a second sending module 113, configured to send a second authentication request carrying the security score value to an authentication server, so that the authentication server performs security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In a possible implementation manner, the second sending module 113 is further configured to determine whether the received security score value is higher than the set lowest score threshold, and if so, to perform the subsequent step of sending the second authentication request carrying the security score value to the authentication server.
In a possible implementation manner, the first sending module 111 is further configured to send a first joining request for joining the P2P network to the environment-aware server, where the first joining request carries the authentication information of the terminal;
the first receiving module 112 is further configured to receive the network identification information of a target P2P network, the identification information of the existing terminals that have joined the target P2P network, and the joining verification information sent by the environment-aware server; the network identification information of the target P2P network, the existing terminal identification information and the joining verification information are sent when the environment-aware server determines that the authentication information is the set compliance authentication information and finds, in the stored network addresses corresponding to P2P networks and according to the target network address in the authentication information, the target P2P network to which the target network address belongs; and
the first sending module 111 is further configured to send a second joining request to the target existing terminal corresponding to the target existing terminal identification information in the target P2P network corresponding to the network identification information, so that the target existing terminal verifies whether the terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server.
In a possible implementation manner, the first receiving module 112 is further configured to join the target P2P network if joining permission information sent by any target existing terminal is received.
In a possible implementation manner, the first sending module 111 is further configured to send the terminal's own environment information to each other terminal located in the same peer-to-peer (P2P) network as the terminal.
Example 7:
Based on the same technical concept, the present application provides a security authentication device applied to a second terminal. Fig. 12 is a schematic diagram of a second security authentication device provided by some embodiments; as shown in Fig. 12, the device includes:
a second receiving module 121, configured to receive a first authentication request, where the first authentication request is sent by a first terminal located in the same peer-to-peer (P2P) network as the second terminal when the first terminal receives an access request for any application installed in it, and carries the identification information of the first terminal; and
a first determining module 122, configured to search the stored environment information, according to the identification information, for the target environment information corresponding to the terminal identified by that information; determine a security score value of the first terminal according to whether the target environment information contains the set risk environment information; and send the security score value to the first terminal, so that the first terminal sends a second authentication request carrying the security score value to an authentication server and the authentication server performs security authentication on the environment information of the first terminal according to the security score value and a preset score threshold.
In a possible implementation manner, the second receiving module 121 is further configured to receive a second joining request, where the second joining request is sent by the first terminal when it receives the network identification information of a target P2P network, the identification information of the existing terminals that have joined the target P2P network, and the joining verification information sent by the environment-aware server; the network identification information of the target P2P network, the existing terminal identification information and the joining verification information are sent when the environment-aware server receives the first joining request for joining the P2P network sent by the first terminal, determines that the authentication information of the terminal carried in the first joining request is the set compliance authentication information, and finds, in the stored network addresses corresponding to P2P networks and according to the target network address in the authentication information, the target P2P network to which the target network address belongs; and
to verify whether the first terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server.
In a possible implementation manner, the first determining module 122 is further configured to send joining permission information to the first terminal if the verification result is that the first terminal is allowed to join the target P2P network.
In a possible implementation manner, the first determining module 122 is specifically configured to determine, for the information of each risk type contained in the risk environment information, whether target risk environment sub-information of that risk type exists in the target environment information; if not, take the set highest sub-score value as the sub-score value corresponding to the target risk environment sub-information of that risk type; if target risk environment sub-information of that risk type exists in the target environment information, take the set lowest sub-score value as the sub-score value corresponding to the target risk environment sub-information of that risk type, or, alternatively, determine a target deduction value corresponding to the target risk environment sub-information of that risk type based on the stored correspondence between risk environment sub-information of that risk type and deduction values, and determine the sub-score value corresponding to the target risk environment sub-information of that risk type based on the set highest sub-score value and the target deduction value;
and to determine the security score value of the terminal according to the sub-score value corresponding to the target risk environment sub-information of each risk type and the corresponding preset weight coefficient.
Example 8:
Based on the same technical concept, the present application provides a security authentication device applied to an authentication server. Fig. 13 is a schematic diagram of a third security authentication device provided by some embodiments; as shown in Fig. 13, the device includes:
a third receiving module 1301, configured to receive a second authentication request carrying a security score value sent by a terminal; the second authentication request is sent by the terminal when it receives the security score value sent by a target other terminal among the plurality of other terminals located in the same peer-to-peer (P2P) network as the terminal; the security score value is obtained as follows: when the terminal receives an access request for any application installed in it, it sends a first authentication request to the target other terminal, and the target other terminal searches the stored environment information, according to the identification information of the terminal carried in the first authentication request, for the target environment information corresponding to the terminal identified by that information, and determines the security score value of the terminal according to whether the target environment information contains the set risk environment information; and
an authentication module 1302, configured to perform security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
In a possible implementation manner, the authentication module 1302 is further configured to, if the security authentication result for the environment information of the terminal is secure, search the stored security identity information, according to the user identity information and the identification information of the terminal carried in the second authentication request, for the target security identity information corresponding to the terminal identified by that information, and perform security authentication on the identity information of the terminal according to whether the identity information is consistent with the target security identity information.
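The scoring rule of Examples 3 and 7 (one sub-score per risk type, then a weighted sum) together with the terminal-side and server-side checks of steps S509 to S513 (Examples 2, 4 and 8), as an added Python example; this is not code from the patent or from its applicants. The risk catalogue, deduction values, weight coefficients, thresholds and identity records are constructed sample values. Two points the patent leaves open are assumptions here: when several sub-informations of one risk type are present the largest deduction is applied, and a score equal to the preset threshold counts as secure.

```python
# Added example, not the patent's own code: peer-side scoring (Examples 3/7)
# and the checks of S509-S513 (Examples 2/4/8). All data below is constructed.

HIGHEST_SUB_SCORE = 100   # "set highest sub-score value"
LOWEST_SUB_SCORE = 0      # "set lowest sub-score value"

# Stored risk environment information:
#   risk type -> {risk environment sub-information: deduction value}
RISK_ENVIRONMENT_INFO = {
    "os_patch": {"missing_critical_patch": 60, "missing_optional_patch": 20},
    "network":  {"public_wifi": 40},
    "rooting":  {"rooted_device": 100},
}
# Preset weight coefficient per risk type (constructed; sums to 1).
WEIGHTS = {"os_patch": 0.4, "network": 0.2, "rooting": 0.4}


def sub_score(risk_type, target_env_info, use_deduction=True):
    """Sub-score for one risk type.

    Sub-info absent  -> highest sub-score.
    Sub-info present -> lowest sub-score (first variant of the claim) or
                        highest sub-score minus the stored deduction (second
                        variant). Assumption: with several matching sub-infos
                        of one type, the largest deduction applies.
    """
    present = [s for s in target_env_info if s in RISK_ENVIRONMENT_INFO[risk_type]]
    if not present:
        return HIGHEST_SUB_SCORE
    if not use_deduction:
        return LOWEST_SUB_SCORE
    deduction = max(RISK_ENVIRONMENT_INFO[risk_type][s] for s in present)
    return max(LOWEST_SUB_SCORE, HIGHEST_SUB_SCORE - deduction)


def security_score(target_env_info, use_deduction=True):
    """Weighted sum of the per-risk-type sub-scores (S508 / S802)."""
    total = sum(WEIGHTS[t] * sub_score(t, target_env_info, use_deduction)
                for t in RISK_ENVIRONMENT_INFO)
    return round(total, 4)


class TargetOtherTerminal:
    """Peer that stores the environment information other terminals sent (S506)."""

    def __init__(self):
        self.env_store = {}   # terminal id -> frozenset of environment items

    def receive_environment(self, terminal_id, env_info):
        self.env_store[terminal_id] = frozenset(env_info)

    def handle_first_auth_request(self, terminal_id):
        """S508: look up the requester's environment and return its score.
        None when no environment information is stored for that id."""
        env = self.env_store.get(terminal_id)
        return None if env is None else security_score(env)


class AuthenticationServer:
    """S512/S513: environment check against the preset threshold, then identity."""

    def __init__(self, preset_score_threshold, security_identity_info):
        self.preset_score_threshold = preset_score_threshold
        self.security_identity_info = security_identity_info  # terminal id -> identity

    def handle_second_auth_request(self, request):
        # Assumption: a score equal to the preset threshold counts as secure.
        if request["score"] < self.preset_score_threshold:
            return "environment_unsafe"
        expected = self.security_identity_info.get(request["terminal_id"])
        if expected is None or expected != request["identity"]:
            return "identity_mismatch"
        return "authenticated"


def request_access(terminal_id, identity, peer, server, lowest_score_threshold):
    """Terminal side of S507 to S511."""
    score = peer.handle_first_auth_request(terminal_id)
    # S509/S510: a score that is not higher than the lowest threshold (or no
    # score at all) ends in the local "environment unsafe" prompt; the request
    # never reaches the authentication server.
    if score is None or score <= lowest_score_threshold:
        return "prompt_environment_unsafe"
    return server.handle_second_auth_request(
        {"terminal_id": terminal_id, "identity": identity, "score": score})
```

With the sample catalogue a terminal on public Wi-Fi scores 92 (deduction variant) or 80 (lowest-sub-score variant), and a rooted device scores 60; with a terminal-side lowest threshold of 50 and a server-side preset threshold of 70, only the first reaches the identity check. A terminal whose environment information the peer never received gets no score and is stopped locally, which is the behaviour a defender wants: the peer cannot vouch for what it has not seen.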
Example 9:
Based on the same technical concept, the present application provides a security authentication device applied to an environment-aware server. Fig. 14 is a schematic diagram of a fourth security authentication device provided by some embodiments; as shown in Fig. 14, the device includes:
a fourth receiving module 141, configured to receive a first joining request for joining a peer-to-peer (P2P) network sent by a terminal, where the first joining request carries the authentication information of the terminal; and
a joining verification module 142, configured to determine whether the authentication information is the set compliance authentication information and, if so, to search the stored network addresses corresponding to P2P networks, according to the target network address in the authentication information, for the target P2P network to which the target network address belongs, send the network identification information of the target P2P network, the identification information of the existing terminals that have joined the target P2P network, and the joining verification information to the terminal, and transmit the joining verification information to the existing terminals that have joined the target P2P network, so that the terminal, on receiving the network identification information, the existing terminal identification information and the joining verification information, sends a second joining request to the target existing terminal corresponding to the target existing terminal identification information in the target P2P network corresponding to the network identification information, and the target existing terminal verifies whether the terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server.
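The joining procedure of Examples 5 and 9 (steps S501 to S505 and the Fig. 6 walkthrough), as an added Python example; this is not code from the patent or from its applicants. Compliance credentials, network prefixes and terminal identifiers are constructed sample values. The form of the joining verification information (a random token), its single-use handling, and the in-memory directory that stands in for P2P addressing are assumptions, since the patent does not specify them.

```python
# Added example, not the patent's own code: joining procedure of Examples 5/9.
# Credentials, prefixes, ids and the token handling are constructed/assumed.
import ipaddress
import secrets


class ExistingTerminal:
    """Terminal already in a P2P network; verifies second joining requests (S504)."""

    def __init__(self, terminal_id):
        self.terminal_id = terminal_id
        self.join_tokens = {}   # network id -> joining verification info from the server

    def receive_join_verification(self, network_id, token):
        self.join_tokens[network_id] = token

    def handle_second_join_request(self, network_id, token):
        """True (joining permission) only if the carried token is consistent with
        the one received from the environment-aware server. Constant-time compare,
        so a wrong token leaks nothing through timing."""
        expected = self.join_tokens.get(network_id)
        if expected is None or not isinstance(token, str):
            return False
        if not secrets.compare_digest(expected.encode(), token.encode()):
            return False
        del self.join_tokens[network_id]   # assumption: each token is honoured once
        return True


class EnvironmentAwareServer:
    """S1001/S1002: compliance check, network lookup by address, token issue."""

    def __init__(self, compliant_credentials, networks):
        self.compliant_credentials = set(compliant_credentials)
        # network id -> (stored network prefix, existing member terminals)
        self.networks = {nid: (ipaddress.ip_network(prefix), list(members))
                         for nid, (prefix, members) in networks.items()}

    def handle_first_join_request(self, auth_info):
        # Only the set compliance authentication information is accepted.
        if auth_info.get("credential") not in self.compliant_credentials:
            return None
        try:
            address = ipaddress.ip_address(auth_info.get("address", ""))
        except ValueError:
            return None
        for network_id, (prefix, members) in self.networks.items():
            if address in prefix:
                token = secrets.token_hex(16)
                for member in members:   # same info goes to every existing terminal
                    member.receive_join_verification(network_id, token)
                return {"network_id": network_id,
                        "existing_terminals": [m.terminal_id for m in members],
                        "token": token}
        return None   # no stored P2P network contains the target address


def join_network(server, auth_info, directory):
    """Terminal side of S501, S503 and S505. `directory` maps terminal id ->
    ExistingTerminal and stands in for P2P addressing (assumption)."""
    reply = server.handle_first_join_request(auth_info)
    if reply is None:
        return None
    for peer_id in reply["existing_terminals"]:
        peer = directory.get(peer_id)
        if peer and peer.handle_second_join_request(reply["network_id"], reply["token"]):
            return reply["network_id"]   # permission from any one existing terminal suffices
    return None


def demo():
    """Constructed scenario: two networks, one compliant joiner, two rejections."""
    t131, t132, t141 = ExistingTerminal("t131"), ExistingTerminal("t132"), ExistingTerminal("t141")
    directory = {t.terminal_id: t for t in (t131, t132, t141)}
    server = EnvironmentAwareServer(
        {"cred-compliant"},
        {"net-1": ("10.1.0.0/16", [t131, t132]), "net-2": ("10.2.0.0/16", [t141])})
    return {
        "compliant": join_network(server, {"credential": "cred-compliant", "address": "10.1.5.7"}, directory),
        "non_compliant": join_network(server, {"credential": "cred-bogus", "address": "10.1.5.8"}, directory),
        "unknown_address": join_network(server, {"credential": "cred-compliant", "address": "192.168.1.1"}, directory),
    }
```

The point of the exchange is that the existing terminals never see the joiner's credential: the server vouches for it once by handing the same fresh token to both sides, after which admission is decided entirely inside the P2P network, which is why the terminal needs no further contact with the environment-aware server (compare the remark closing the Fig. 6 walkthrough).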
Example 10:
Based on the same technical concept, the present application further provides an electronic device. Fig. 15 is a schematic structural diagram of an electronic device provided by some embodiments; as shown in Fig. 15, it includes a processor 151, a communication interface 152, a memory 153 and a communication bus 154, where the processor 151, the communication interface 152 and the memory 153 communicate with each other through the communication bus 154;
the memory 153 stores a computer program which, when executed by the processor 151, causes the processor 151 to perform the steps of any of the security authentication methods described above.
The communication bus of the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration, only one thick line is drawn in the figure, but this does not mean that there is only one bus or only one type of bus.
The communication interface 152 is used for communication between the electronic device and other devices.
The memory may include random access memory (RAM) or non-volatile memory (NVM), such as at least one disk memory. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit, a network processor (NP), and so on; it may also be a digital signal processor (DSP), an application-specific integrated circuit, a field-programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like.
Example 11:
Based on the same technical idea, the embodiments of the present application provide a computer-readable storage medium storing a computer program executable by an electronic device which, when run on the electronic device, causes the electronic device to implement the steps of any one of the security authentication methods described above.
The computer-readable storage medium may be any available medium or data storage device that can be accessed by a processor in an electronic device, including but not limited to magnetic memories such as floppy disks, hard disks, magnetic tapes and magneto-optical disks (MO), optical memories such as CD, DVD, BD and HVD, and semiconductor memories such as ROM, EPROM, EEPROM, non-volatile memories (NAND FLASH) and Solid State Disks (SSD).
Based on the same technical idea, the present application provides a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the steps of any of the security authentication methods described above.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof, and may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions that, when loaded and executed on a computer, produce, in whole or in part, the processes or functions according to the embodiments of the present application.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (12)

1. A security authentication system, the system comprising: a terminal, an authentication server, and a plurality of other terminals located in the same peer-to-peer (P2P) network as the terminal;
the terminal is configured to send, when receiving an access request for any application installed in the terminal, a first authentication request to target other terminals in the P2P network, wherein the first authentication request carries identification information of the terminal;
the target other terminals are configured to search, according to the identification information, stored environment information for target environment information corresponding to the terminal identified by the identification information; determine a security score value of the terminal according to whether the target environment information contains set risk environment information; and send the security score value to the terminal;
the terminal is further configured to send a second authentication request carrying the security score value to the authentication server;
and the authentication server is configured to perform security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
2. The system of claim 1, wherein the terminal is further configured to determine whether the received security score value is higher than a set minimum score threshold, and if so, perform the step of sending a second authentication request carrying the security score value to the authentication server.
3. The system of claim 1, wherein the authentication server is further configured to, if the security authentication result for the environment information of the terminal is secure, search the stored security identity information for target security identity information corresponding to the terminal identified by the identification information, according to the user identity information and the terminal identification information carried in the second authentication request; and perform security authentication on the identity information of the terminal according to whether the identity information is consistent with the target security identity information.
4. The system of claim 1, wherein the target other terminal is all or part of the plurality of other terminals.
5. The system of claim 1, wherein the system further comprises: an environment-aware server;
the terminal is further configured to send a first joining request for joining a P2P network to the environment-aware server, wherein the first joining request carries authentication information of the terminal;
the environment-aware server is configured to receive the first joining request sent by the terminal, determine whether the authentication information is the set compliant authentication information, and if so, find, according to the target network address in the authentication information, the target P2P network to which the target network address belongs among the stored network addresses corresponding to P2P networks, and send network identification information of the target P2P network, identification information of the existing terminals that have joined the target P2P network, and joining verification information to the terminal; and transmit the joining verification information to the existing terminals that have joined the target P2P network;
the terminal is further configured to receive the network identification information, the existing terminal identification information, and the joining verification information, and send a second joining request to a target existing terminal corresponding to target existing terminal identification information in a target P2P network corresponding to the network identification information;
and the target existing terminal is configured to verify whether the terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server.
6. The system of claim 5, wherein the target existing terminal is further configured to send join-permission information to the terminal if the verification result is that the terminal is permitted to join the target P2P network;
and the terminal is further configured to join the target P2P network if it receives the join-permission information sent by any target existing terminal.
7. The system according to any of claims 1-6, wherein the terminal is further configured to send its own environment information to the plurality of other terminals.
8. The system according to claim 1, wherein the target other terminal is specifically configured to determine, for each risk type of the information included in the risk environment information, whether target risk environment sub-information of that risk type exists in the target environment information; if not, determine the set highest sub-score value as the sub-score value corresponding to the target risk environment sub-information of that risk type; if target risk environment sub-information of that risk type exists in the target environment information, determine the set lowest sub-score value as the sub-score value corresponding to the target risk environment sub-information of that risk type; or, if target risk environment sub-information of that risk type exists in the target environment information, determine a target deduction value corresponding to the target risk environment sub-information of that risk type based on the stored correspondence between risk environment sub-information of that risk type and deduction values, and determine the sub-score value corresponding to the target risk environment sub-information of that risk type based on the set highest sub-score value and the target deduction value;
and determine the security score value of the terminal according to the sub-score value corresponding to the target risk environment sub-information of each risk type and the corresponding preset weight coefficient.
9. A security authentication method, wherein the method is applied to a first terminal, the method comprising:
when an access request for any application installed in the terminal is received, sending a first authentication request to a target other terminal among a plurality of other terminals located in the same peer-to-peer (P2P) network as the terminal, wherein the first authentication request carries identification information of the terminal;
receiving a security score value sent by the target other terminal, wherein the security score value is determined by the target other terminal by searching, according to the identification information, stored environment information for target environment information corresponding to the terminal identified by the identification information, and determining the security score value of the terminal according to whether the target environment information contains set risk environment information;
sending a second authentication request carrying the security score value to an authentication server, so that the authentication server performs security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
10. A security authentication method, wherein the method is applied to a second terminal, the method comprising:
receiving a first authentication request, wherein the first authentication request is sent by a first terminal located in the same peer-to-peer (P2P) network as the second terminal when the first terminal receives an access request for any application installed in the first terminal, and the first authentication request carries identification information of the first terminal;
searching, according to the identification information, stored environment information for target environment information corresponding to the terminal identified by the identification information; determining a security score value of the first terminal according to whether the target environment information contains set risk environment information; and sending the security score value to the first terminal, so that the first terminal sends a second authentication request carrying the security score value to an authentication server and the authentication server performs security authentication on the environment information of the first terminal according to the security score value and a preset score threshold.
11. A security authentication method, the method being applied to an authentication server, the method comprising:
receiving a second authentication request carrying a security score value sent by a terminal, wherein the second authentication request is sent by the terminal when the terminal receives the security score value sent by a target other terminal among a plurality of other terminals located in the same peer-to-peer (P2P) network as the terminal; the security score value is obtained as follows: when the terminal receives an access request for any application installed in the terminal, it sends a first authentication request to the target other terminal, and the target other terminal searches, according to the identification information of the terminal carried in the first authentication request, stored environment information for target environment information corresponding to the terminal identified by the identification information, and determines the security score value of the terminal according to whether the target environment information contains set risk environment information;
and performing security authentication on the environment information of the terminal according to the security score value and a preset score threshold.
12. A security authentication method, wherein the method is applied to an environment-aware server, the method comprising:
receiving a first joining request, sent by a terminal, for joining a peer-to-peer (P2P) network, wherein the first joining request carries authentication information of the terminal;
determining whether the authentication information is the set compliant authentication information; if so, finding, according to the target network address in the authentication information, the target P2P network to which the target network address belongs among the stored network addresses corresponding to P2P networks, and sending network identification information of the target P2P network, identification information of the existing terminals that have joined the target P2P network, and joining verification information to the terminal; and transmitting the joining verification information to the existing terminals that have joined the target P2P network; wherein the terminal receives the network identification information, the existing terminal identification information and the joining verification information, and sends a second joining request to a target existing terminal corresponding to target existing terminal identification information in the target P2P network corresponding to the network identification information; and the target existing terminal verifies whether the terminal is allowed to join the target P2P network according to whether the joining verification information carried in the second joining request is consistent with the joining verification information received from the environment-aware server.
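The sub-score computation of claim 8 together with the two threshold checks of claims 1 and 2 (terminal-side minimum score threshold, server-side preset score threshold), as an added example that is not the patent's own code; the risk types, deduction table, weights, highest/lowest sub-score values and thresholds are constructed sample values, and treating a risk sub-information value that is missing from the deduction table as a full deduction is an assumption:

```python
"""Added example: claim 8 scoring plus the claim 1 / claim 2 threshold checks.
Not the patent's own code; all risk types, deductions and weights are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional

HIGHEST_SUB_SCORE = 100  # set highest sub-score value (constructed)
LOWEST_SUB_SCORE = 0     # set lowest sub-score value (constructed)


@dataclass
class RiskType:
    """One risk type of the set risk environment information."""
    weight: float
    # Optional stored correspondence between risk environment sub-information
    # of this type and a deduction value (the "or" branch of claim 8).
    deductions: Optional[Dict[str, int]] = None


# Constructed risk environment information: risk type name -> configuration.
RISK_ENVIRONMENT_INFO = {
    "rooted": RiskType(weight=0.4),  # present/absent only: lowest or highest
    "outdated_os": RiskType(weight=0.3, deductions={"1_minor": 20, "2_major": 60}),
    "untrusted_network": RiskType(weight=0.3, deductions={"public_wifi": 30, "tor": 80}),
}


def sub_score(risk_type: RiskType, target_sub_info: Optional[str]) -> int:
    """Sub-score for one risk type given the terminal's target risk environment
    sub-information of that type (None when no such sub-information exists)."""
    if target_sub_info is None:
        return HIGHEST_SUB_SCORE  # no risk sub-information of this type: highest value
    if risk_type.deductions is None:
        return LOWEST_SUB_SCORE   # risk present and no deduction table: lowest value
    # Risk present and a deduction table is stored: deduct from the highest value.
    # Assumption: a value absent from the table counts as a full deduction.
    deduction = risk_type.deductions.get(target_sub_info, HIGHEST_SUB_SCORE)
    return max(LOWEST_SUB_SCORE, HIGHEST_SUB_SCORE - deduction)


def security_score(target_environment_info: Dict[str, str],
                   risk_info: Dict[str, RiskType] = RISK_ENVIRONMENT_INFO) -> float:
    """Weighted combination of the sub-scores of every risk type (claim 8)."""
    total = 0.0
    for name, risk_type in risk_info.items():
        total += risk_type.weight * sub_score(risk_type, target_environment_info.get(name))
    return round(total, 2)


def terminal_forwards(score: float, minimum_score_threshold: float) -> bool:
    """Claim 2: the terminal sends the second authentication request only when
    the received score is higher than the set minimum score threshold."""
    return score > minimum_score_threshold


def server_authenticates(score: float, preset_score_threshold: float) -> bool:
    """Claim 1: the authentication server judges the environment information
    secure when the score reaches the preset score threshold."""
    return score >= preset_score_threshold
```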
CN202210307046.2A 2022-03-25 2022-03-25 Security authentication system and method Active CN114710340B (en)

Publications (2)

Publication Number Publication Date
CN114710340A CN114710340A (en) 2022-07-05
CN114710340B true CN114710340B (en) 2023-05-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant