CN114900374B - Intelligent remote network resource intercommunication deployment method, system and cloud platform - Google Patents

Publication number: CN114900374B
Authority: CN (China)
Prior art keywords: encryption; encryption configuration; information; network; network authentication
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202210820179.XA
Other languages: Chinese (zh)
Other versions: CN114900374A (en)
Inventors: 张纯兵, 邱醒龙, 郭双凤
Current Assignee: Yichen Shenzhen Technology Co ltd (the listed assignees may be inaccurate)
Original Assignee: Yichen Shenzhen Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides an intelligent remote network resource intercommunication deployment method, system and cloud platform. After network authentication information configured by a main network service terminal is obtained, the network authentication information can be issued to the sub-network service terminals according to service topology information, and a network security channel between a target computer terminal and the main network service terminal can be established according to the network authentication information corresponding to an authenticated user login request sent via a target sub-network service terminal, so that the target computer terminal is connected to the network resources of the main network service terminal through the network security channel. When the IP address of the main network service terminal is updated, network authentication update information sent by the main network service terminal is obtained and distributed to the sub-network service terminals. In this way, an intelligent remote network security channel can be constructed through the cloud platform and the network service terminals, and the updating, distribution and authentication of the network authentication information can be completed automatically.

Description

Intelligent remote network resource intercommunication deployment method and system and cloud platform
Technical Field
The invention relates to the technical field of remote network configuration, in particular to an intelligent remote network resource intercommunication deployment method, system and cloud platform.
Background
At present, working from different locations has become a new trend; however, the outstanding problems in off-site work are data security and network interworking.
Various technologies can realize network intercommunication, such as dedicated network lines, enterprise VPN dedicated lines, SDN and SD-WAN; they can help enterprises exchange data securely and open channels between networks in different places. However, in the prior art, deployment is difficult for a single user.
Disclosure of Invention
In order to overcome at least the above disadvantages in the prior art, the present invention aims to provide an intelligent remote network resource interworking deployment method, system and cloud platform.
In a first aspect, the present invention provides an intelligent remote network resource interworking deployment method, which is applied to a cloud platform, wherein the cloud platform is in communication connection with a plurality of network service terminals, and the method includes:
the cloud platform acquires network service terminal information bound by each service user, wherein the network service terminal information comprises service topology information of a main network service terminal and sub-network service terminals;
the cloud platform acquires network authentication information configured by the main network service terminal and issues the network authentication information to the sub-network service terminals according to the service topology information;
when an authenticated user login request sent by a target computer terminal through a target sub-network service terminal is obtained, network authentication information corresponding to the authenticated user login request is obtained, and a network security channel between the target computer terminal and the main network service terminal is established according to the network authentication information, so that the target computer terminal is connected with network resources of the main network service terminal through the network security channel, wherein the network security channel adopts a VPN channel;
and when the IP address of the main network service terminal is updated, the cloud platform acquires network authentication update information sent by the main network service terminal and distributes the network authentication update information to the sub-network service terminals.
In a second aspect, an embodiment of the present invention further provides an intelligent remote network resource interworking deployment device, which is applied to a cloud platform communicating with network service terminals, where the device includes:
an acquisition module, used for acquiring network service terminal information bound by each service user, wherein the network service terminal information comprises service topology information of a main network service terminal and sub-network service terminals;
an issuing module, used for acquiring network authentication information configured by the main network service terminal and issuing the network authentication information to the sub-network service terminals according to the service topology information, so as to establish a network security channel between the sub-network service terminals and the main network service terminal;
an establishing module, used for acquiring an authenticated user login request sent by a target computer terminal through a target sub-network service terminal, acquiring an authentication certificate corresponding to the authenticated user login request, and establishing the network security channel between the target computer terminal and the main network service terminal according to the authentication certificate, so that the target computer terminal is connected with the network resources of the main network service terminal through the network security channel;
and a distribution module, used for acquiring the network authentication update information sent by the main network service terminal when the IP address of the main network service terminal is updated, and distributing the network authentication update information to the sub-network service terminals.
In a third aspect, an embodiment of the present invention further provides a cloud platform, where the cloud platform includes a processor, a machine-readable storage medium, and a network interface; the machine-readable storage medium, the network interface, and the processor are connected through a bus system; the network interface is used for communication connection with at least one network service terminal; the machine-readable storage medium is used for storing a program; and the processor is used for executing the program in the machine-readable storage medium to execute the intelligent remote network resource interworking deployment method of the first aspect or any implementation of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed, the computer is caused to execute the intelligent remote network resource interworking deployment method of the first aspect or any implementation of the first aspect.
Based on any one of the above aspects, in the embodiment of the present invention, after the network authentication information configured by the main network service terminal is obtained, the network authentication information may be issued to the sub-network service terminals according to the service topology information, and a network security channel between the target computer terminal and the main network service terminal may be established according to the network authentication information corresponding to the authenticated user login request sent via the target sub-network service terminal, so that the target computer terminal is connected to the network resources of the main network service terminal through the network security channel. When the IP address of the main network service terminal is updated, the network authentication update information sent by the main network service terminal is obtained and distributed to the sub-network service terminals. In this way, an intelligent remote network security channel can be constructed through the cloud platform and the network service terminals, and the updating, distribution and authentication of the network authentication information can be completed automatically.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic view of an application scenario of an intelligent remote network resource interworking deployment system according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of an intelligent remote network resource interworking deployment method according to an embodiment of the present invention;
Fig. 3 is a functional module diagram of an intelligent remote network resource interworking deployment apparatus according to an embodiment of the present invention;
Fig. 4 is a schematic block diagram of a cloud platform for implementing the foregoing intelligent remote network resource interworking deployment method according to an embodiment of the present invention.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "apparatus", "unit" and/or "module" as used in this specification is a way of distinguishing different components, elements, parts, portions or assemblies at different levels. However, these words may be replaced by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," and/or "the" do not refer specifically to the singular and may also include the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that the explicitly identified steps and elements are included; these steps and elements do not constitute an exclusive list, and the method or apparatus may comprise further steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order shown. Rather, the steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or one or more steps may be removed from the processes.
Fig. 1 is an interaction diagram of an intelligent remote network resource interworking deployment system 10 according to an embodiment of the present invention. The intelligent remote network resource interworking deployment system 10 can include a cloud platform 100 and a network service terminal 200 communicatively connected to the cloud platform 100. The system 10 shown in Fig. 1 is only one possible example; in other possible embodiments, the intelligent remote network resource interworking deployment system 10 may include only some of the components shown in Fig. 1 or may include other components.
In this embodiment, the cloud platform 100 and the network service terminal 200 in the intelligent remote network resource interworking deployment system 10 may cooperate to execute the intelligent remote network resource interworking deployment method described in the following method embodiment; for the specific steps executed by the cloud platform 100 and the network service terminal 200, refer to the detailed description of the following method embodiment.
To solve the technical problem in the foregoing background technology, fig. 2 is a schematic flow diagram of an intelligent remote network resource interworking deployment method according to an embodiment of the present invention, where the intelligent remote network resource interworking deployment method provided in this embodiment can be executed by the cloud platform 100 shown in fig. 1, and the following describes the intelligent remote network resource interworking deployment method in detail.
Step S110, network service terminal information bound by each service user is obtained, wherein the network service terminal information comprises service topology information of a main network service terminal and sub-network service terminals.
For example, the main network service terminal may refer to a network service terminal of a main company, and the sub-network service terminal may refer to a network service terminal of a subsidiary company. The service topology information may refer to the service distribution relationship between the main network service terminal and the sub-network service terminals.
Step S120, acquiring the network authentication information configured by the main network service terminal, and issuing the network authentication information to the sub-network service terminals according to the service topology information.
For example, the network authentication information may refer to authentication credential information for allowing access to network resources. When the main network service terminal completes the configuration of the network authentication information, the network authentication information is automatically synchronized to the cloud platform 100, and the cloud platform 100 can issue the network authentication information to the sub-network service terminals according to the service topology information, so that a sub-network service terminal can later interconnect with the main network service terminal based on the network authentication information when network resources in different places need to be interconnected and deployed.
Step S130, when an authenticated user login request sent by the target computer terminal via the target sub-network service terminal is obtained, network authentication information corresponding to the authenticated user login request is obtained, and a network security channel between the target computer terminal and the main network service terminal is established according to the network authentication information, so that the target computer terminal is connected with network resources of the main network service terminal through the network security channel, wherein the network security channel adopts a VPN channel.
Step S140, when the IP address of the main network service terminal is updated, the network authentication update information sent by the main network service terminal is acquired, and the network authentication update information is distributed to the sub-network service terminals.
In this embodiment, after the network authentication information configured by the main network service terminal is obtained, the network authentication information may be issued to the sub-network service terminals according to the service topology information, and a network security channel between the target computer terminal and the main network service terminal may be established according to the network authentication information corresponding to the authenticated user login request sent via the target sub-network service terminal, so that the target computer terminal is connected to the network resources of the main network service terminal through the network security channel. When the IP address of the main network service terminal is updated, the network authentication update information sent by the main network service terminal is obtained and distributed to the sub-network service terminals. In this way, an intelligent remote network security channel can be constructed through the cloud platform 100 and the network service terminals, and the updating, distribution and authentication of the network authentication information can be completed automatically.
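The flow of steps S110 to S140, as an added Python example that is not code from the patent: the cloud platform relays the main terminal's authentication information only to the sub-terminals bound to it, and each sub-terminal refuses updates that are unauthenticated or older than what it already holds. The class names, the HMAC tag, the version counter and every key, address and identifier below are assumptions constructed for illustration; the patent does not specify a message format.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional


def sign(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the message body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


@dataclass
class MainTerminal:
    name: str
    key: bytes        # assumed to be provisioned when terminals are bound
    version: int = 0  # monotonic counter, bumped on every publish

    def publish(self, ip: str, credential_id: str) -> dict:
        """Produce network authentication (update) information for the cloud."""
        self.version += 1
        body = {"main": self.name, "vpn_endpoint": ip,
                "credential_id": credential_id, "version": self.version}
        return {"body": body, "tag": sign(self.key, body)}


@dataclass
class SubTerminal:
    name: str
    main: str   # the main terminal this sub-terminal is bound to
    key: bytes  # shared-key simplification; signatures would avoid sharing it
    auth_info: Optional[dict] = None

    def receive(self, message: dict) -> bool:
        body, tag = message["body"], message["tag"]
        if body.get("main") != self.main:
            return False  # not from the terminal we are bound to
        if not hmac.compare_digest(sign(self.key, body), tag):
            return False  # forged or corrupted
        if self.auth_info and body["version"] <= self.auth_info["version"]:
            return False  # stale or replayed: would roll the endpoint back
        self.auth_info = body
        return True


class CloudPlatform:
    def __init__(self) -> None:
        self.topology: dict = {}  # main terminal name -> bound sub-terminals
        self.users: dict = {}     # user -> main terminal name

    def bind(self, main_name: str, subs: list, users: list) -> None:
        """S110: record the service topology bound by a service user."""
        self.topology[main_name] = list(subs)
        for user in users:
            self.users[user] = main_name

    def distribute(self, message: dict) -> list:
        """S120 / S140: relay along the topology; return who accepted."""
        main_name = message["body"]["main"]
        return [s.name for s in self.topology.get(main_name, [])
                if s.receive(message)]

    def login(self, user: str, sub: SubTerminal) -> Optional[str]:
        """S130: return the VPN endpoint for an allocated user, else None."""
        if self.users.get(user) != sub.main or sub.auth_info is None:
            return None
        return sub.auth_info["vpn_endpoint"]


def demo() -> dict:
    # All names, keys and addresses are constructed sample values.
    hq = MainTerminal("hq", b"constructed-key-hq")
    branch_a = SubTerminal("branch-a", "hq", hq.key)
    branch_b = SubTerminal("branch-b", "hq", hq.key)
    other = SubTerminal("other-branch", "other-co", b"constructed-key-other")
    cloud = CloudPlatform()
    cloud.bind("hq", [branch_a, branch_b], users=["alice"])
    cloud.bind("other-co", [other], users=["bob"])

    first = hq.publish("203.0.113.10", "cert-001")
    issued = cloud.distribute(first)                  # S120
    before = cloud.login("alice", branch_a)           # S130
    update = hq.publish("198.51.100.7", "cert-001")   # main IP changed
    updated = cloud.distribute(update)                # S140
    after = cloud.login("alice", branch_a)
    replayed = cloud.distribute(first)                # old message again
    bad_body = dict(update["body"], vpn_endpoint="192.0.2.66", version=99)
    forged = cloud.distribute(
        {"body": bad_body, "tag": sign(b"wrong-key", bad_body)})
    return {"issued": issued, "before": before, "updated": updated,
            "after": after, "replayed": replayed, "forged": forged,
            "cross_tenant": cloud.login("bob", branch_a),
            "other_untouched": other.auth_info is None}


if __name__ == "__main__":
    print(demo())
```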
In addition, the two network service terminals enable network intercommunication between the subsidiary company and the main company, data can be transmitted through a secure channel, and the cloud platform 100 can automatically complete certificate updating, distribution and authentication without human intervention when the main company is connected with the network service terminals of the subsidiary company. An individual user can establish a secure connection channel with the company network without special equipment after obtaining an authentication certificate through the cloud platform 100. From the network service terminal to the cloud, from the cloud to the user, from the user to the company, and from the subsidiary company to the main company, a secure authentication and channel mechanism is adopted, which protects the security of user and company data. Moreover, enterprise managers can build the network intercommunication environment for the whole company simply by registering accounts, binding network service terminals and allocating users; no specialist knowledge or purchase of specialist equipment is needed, which removes the need for professional expertise.
In one embodiment, on the basis of the above description, in order to improve the reliability and security of the network authentication information, the embodiment may further perform encryption configuration on the configured network authentication information;
wherein the step of performing encryption configuration on the configured network authentication information comprises:
Step S101, acquiring corresponding network authentication encryption configuration information according to the network authentication information, performing encryption configuration variable information identification on the network authentication encryption configuration information, and performing ciphertext verification project analysis on the acquired encryption configuration variable information to obtain a ciphertext verification project attribute of the encryption configuration variable information. The network authentication encryption configuration information is used for recording the target network authentication encryption configuration resource.
Step S102, determining an encryption authentication response message or an encryption authentication response message sequence corresponding to the encryption configuration variable information according to the ciphertext verification project attribute.
Step S103, according to the encrypted authentication response message or the encrypted authentication response message sequence, determining an encrypted configuration instruction corresponding to the target network authentication encrypted configuration resource.
Step S104, configuring corresponding encryption access channels for the configured network authentication information based on the encryption configuration instruction corresponding to the target network authentication encryption configuration resource.
In one embodiment, step S101 may be implemented by the following sub-steps, for example.
S201, obtaining a plurality of groups of network authentication encryption configuration information, wherein the plurality of groups of network authentication encryption configuration information are used for recording target network authentication encryption configuration resources.
In an embodiment, the target network authentication encryption configuration resource may be a network authentication encryption configuration resource corresponding to an actual security configuration firewall, and the multiple sets of network authentication encryption configuration information include encryption configuration variable information corresponding to the target network authentication encryption configuration resource. In this step, the cloud platform 100 may obtain multiple sets of network authentication encryption configuration information within a certain range. This step may include: the cloud platform 100 acquires a target encryption configuration range, which indicates the encryption configuration range of the encryption configuration variable information included in one set of network authentication encryption configuration information; the cloud platform 100 then obtains the multiple sets of network authentication encryption configuration information according to the target encryption configuration range, where the encryption configuration range of each set is the target encryption configuration range. In an embodiment, the cloud platform 100 may identify, based on the encryption configuration variable information in each set of network authentication encryption configuration information, the network authentication encryption configuration resource recorded in that set, to obtain parsing information for each set. The target encryption configuration range may be the encryption configuration range of the encryption configuration variable information corresponding to one encryption configuration process. The parsing information may be a single encrypted authentication response message or a sequence of encrypted authentication response messages.
In addition, in an embodiment, the cloud platform 100 may identify a plurality of pieces of encryption configuration variable information from the encryption configuration variable information in the network authentication encryption configuration information, and perform encryption configuration in units of each piece of encryption configuration variable information, for example, the cloud platform 100 may identify the network authentication encryption configuration resource recorded by each piece of encryption configuration variable information based on a ciphertext verification item attribute of the encryption configuration variable information of a certain encryption configuration attribute, where the ciphertext verification item attribute of each piece of encryption configuration variable information is used to indicate a possibility that each reference encryption response behavior in the plurality of reference encryption response behaviors of the piece of encryption configuration variable information is a key encryption response behavior. The cloud platform 100 may use multiple continuous encryption configuration variable information as one encryption configuration variable information sequence, and perform a ciphertext verification item attribute determination process based on the continuous encryption configuration variable information sequence of a certain cross-domain encryption range, so as to obtain a ciphertext verification item attribute of each piece of encryption configuration variable information. 
The cloud platform 100 may determine the size of the target encryption configuration range by combining factors such as a cross-domain encryption range of the encryption configuration variable information sequence required by the process of determining the attribute of the ciphertext verification item, an identification manner of the encryption configuration variable information in the network authentication encryption configuration information, and the like.
In another embodiment, for the first set of network authentication encryption configuration information, the cloud platform 100 may further determine, in combination with the encryption configuration state of each piece of encryption configuration variable information and the encryption configuration attribute of the encryption configuration variable information in one encryption configuration variable information sequence, the encryption configuration range size of the first set of network authentication encryption configuration information, and then the process may include: the cloud platform 100 may determine a second target encryption configuration range according to the target update information, the target encryption configuration state, the first target cross-domain encryption range, the second target cross-domain encryption range, and the target encryption configuration policy. The second target encryption configuration range is used for indicating an encryption configuration range of encryption configuration variable information in the first group of network authentication encryption configuration information in the plurality of groups of network authentication encryption configuration information, and each encryption configuration variable information sequence comprises second target cross-domain encryption range bar encryption configuration variable information. The target encryption configuration state refers to the time consumed for encryption configuration of a piece of encryption configuration variable information. The target encryption configuration state may be set based on needs, which is not specifically limited in the embodiment of the present invention.
In an embodiment, the cloud platform 100 may obtain the target encryption configuration range and send it to an actual security configuration firewall; the actual security configuration firewall sends the multiple sets of network authentication encryption configuration information to the cloud platform 100 based on the target encryption configuration range, and the cloud platform 100 receives the multiple sets of network authentication encryption configuration information sent by the actual security configuration firewall, where the encryption configuration range of each set is the target encryption configuration range. In one embodiment, the actual security configuration firewall may generate corresponding network authentication encryption configuration information according to the acquired target network authentication encryption configuration resource during the process of acquiring the network authentication encryption configuration resource, and send the network authentication encryption configuration information generated in real time to the cloud platform 100. When an end request is acquired, the actual security configuration firewall may further determine end network authentication encryption configuration information based on the end request, and send the end network authentication encryption configuration information and the end request to the cloud platform 100, where the end request is used to indicate a configuration flow of the network authentication encryption configuration information corresponding to the target network authentication encryption configuration resource. The cloud platform 100 receives the end network authentication encryption configuration information and determines, based on the end request, that the network authentication encryption configuration information corresponding to the target network authentication encryption configuration resource has been sent completely; the cloud platform 100 may use the finally acquired network authentication encryption configuration information as the end network authentication encryption configuration information. Of course, the actual security configuration firewall may include the end request in the tail network authentication encryption configuration information; when the cloud platform 100 parses the tail network authentication encryption configuration information, it obtains the end request and determines the tail network authentication encryption configuration information in the multiple sets of network authentication encryption configuration information.
It should be noted that the multiple sets of network authentication encryption configuration information include second network authentication encryption configuration information and first network authentication encryption configuration information, the second network authentication encryption configuration information is last network authentication encryption configuration information in the multiple sets of network authentication encryption configuration information, and the first network authentication encryption configuration information may be network authentication encryption configuration information except the last network authentication encryption configuration information in the multiple sets of network authentication encryption configuration information. In one possible implementation, the embodiment of the present invention may focus on an optimized analysis process of the second network authentication encryption configuration information. For the second network authentication encryption configuration information, the cloud platform 100 may perform encryption configuration on the second network authentication encryption configuration information through the following processes of S203-S205; for the first network authentication encryption configuration information, the cloud platform 100 may perform encryption configuration on the first network authentication encryption configuration information through the following process of S202. The cloud platform 100 may obtain the parsing information of the target network authentication encryption configuration resource based on the identification process of the second network authentication encryption configuration information and the first network authentication encryption configuration information.
S202, for the first network authentication encryption configuration information, the cloud platform 100 analyzes an encryption configuration instruction corresponding to each group of network authentication encryption configuration information according to encryption configuration variable information in each group of network authentication encryption configuration information.
For the first network authentication encryption configuration information, the cloud platform 100 may identify encryption configuration variable information according to encryption configuration variable information of the first network authentication encryption configuration information, and perform encryption configuration on the network authentication encryption configuration resource recorded in the first network authentication encryption configuration information based on multiple pieces of encryption configuration variable information obtained through identification. This step can be realized by, for example, S2021 to S2025 below.
S2021, the cloud platform 100 identifies the encryption configuration variable information of the first network authentication encryption configuration information, obtains multiple pieces of encryption configuration variable information, and performs ciphertext verification item extraction on each piece of encryption configuration variable information to obtain a ciphertext verification item of each piece of encryption configuration variable information.
In this step, the cloud platform 100 identifies the encryption configuration variable information of the first network authentication encryption configuration information as a plurality of pieces of encryption configuration variable information according to the target encryption configuration state and the target update information. The ciphertext verification item may be a service requirement intention of the encryption configuration variable information, and the like, which is not specifically limited in the embodiment of the present invention. The ciphertext verification item of each piece of encryption configuration variable information may be in the form of intended text content.
S2022, the cloud platform 100 obtains the encryption configuration variable information sequence of the first target cross-domain encryption range according to the first target cross-domain encryption range and the second target cross-domain encryption range.
The cloud platform 100 may determine, as one encryption configuration variable information sequence, as many pieces of encryption configuration variable information as the second target cross-domain encryption range among the multiple pieces of encryption configuration variable information, and determine, from the first network authentication encryption configuration information, the encryption configuration variable information sequences of the first target cross-domain encryption range. In an embodiment, for each piece of encryption configuration variable information, the cloud platform 100 obtains, according to the second target cross-domain encryption range, that many pieces of encryption configuration variable information from the multiple pieces of encryption configuration variable information in the network authentication encryption configuration information, and uses them as the encryption configuration variable information sequence in which the piece of encryption configuration variable information is located. These pieces of encryption configuration variable information may be a plurality of consecutive and adjacent pieces among the plurality of pieces of encryption configuration variable information included in the network authentication encryption configuration information.
In one embodiment, each piece of encryption configuration variable information corresponds to one encryption configuration variable information sequence. For each piece of encryption configuration variable information, the cloud platform 100 may obtain the piece of encryption configuration variable information, take the pieces of encryption configuration variable information, numbering the fifth target cross-domain encryption range, that are located after it in the plurality of pieces of encryption configuration variable information of the network authentication encryption configuration information, and use the piece of encryption configuration variable information together with those following pieces as an encryption configuration variable information sequence. The second target cross-domain encryption range may be equal to the fifth target cross-domain encryption range plus one.
For example, the n pieces of encryption configuration variable information included in the first network authentication encryption configuration information may be: item 1, item 2, item 3, ..., item n. The cloud platform 100 may use k consecutive pieces of encryption configuration variable information as an encryption configuration variable information sequence. For example, items 1, 2, 3, ..., k form the encryption configuration variable information sequence where the first piece of encryption configuration variable information is located; items 2, 3, 4, ..., k+1 form the encryption configuration variable information sequence where the second piece of encryption configuration variable information is located. Each piece of encryption configuration variable information corresponds to one encryption configuration variable information sequence, and so on, to obtain the encryption configuration variable information sequences corresponding to the first target cross-domain encryption range.
S2023, the cloud platform 100 determines, based on the ciphertext verification item of each encryption configuration variable information sequence in the encryption configuration variable information sequences of the first target cross-domain encryption range, the ciphertext verification item attribute of each piece of encryption configuration variable information through the ciphertext verification item attribute model.
For each encryption configuration variable information sequence, the cloud platform 100 may fuse the ciphertext verification items of the encryption configuration variable information corresponding to the second target cross-domain encryption range in the encryption configuration variable information sequence to obtain the ciphertext verification items of the encryption configuration variable information sequence. The cloud platform 100 may determine, according to the ciphertext verification item of the encryption configuration variable information sequence of the first target cross-domain encryption range, the ciphertext verification item attribute of each encryption configuration variable information sequence through a ciphertext verification item attribute model. For each piece of encryption configuration variable information, the cloud platform 100 may determine the ciphertext verification item attribute of the encryption configuration variable information sequence in which the piece of encryption configuration variable information is located as the ciphertext verification item attribute of the piece of encryption configuration variable information.
The ciphertext verification item attribute of each piece of encryption configuration variable information comprises a plurality of reference encryption response behaviors corresponding to the piece of encryption configuration variable information and the authentication attribute of each reference encryption response behavior. The authentication attribute of each reference encryption response behavior is used for representing the possibility that the reference encryption response behavior is the key encryption response behavior of the network authentication encryption configuration resource recorded by the piece of encryption configuration variable information. The larger the authentication attribute value of the reference cryptographic response behavior, the larger the possibility that the reference cryptographic response behavior is indicated as a key cryptographic response behavior.
S2024, the cloud platform 100 determines an encryption response behavior of each piece of encryption configuration variable information according to the ciphertext verification item attribute of each piece of encryption configuration variable information.
For each piece of encryption configuration variable information, the cloud platform 100 may screen a reference encryption response behavior corresponding to the maximum response cycle amount from a plurality of reference encryption response behaviors of the piece of encryption configuration variable information according to the ciphertext verification item attribute of the piece of encryption configuration variable information, and use the reference encryption response behavior as the encryption response behavior of the piece of encryption configuration variable information. In one embodiment, the cloud platform 100 may use each cryptographic response behavior of each piece of cryptographic configuration variable information as a cryptographic response policy, and the authentication attribute of the cryptographic response behavior as a cryptographic response status component of the cryptographic response policy. The cloud platform 100 may perform encryption response behavior extension corresponding to the walk-around encryption response policy to determine the encryption response behavior of each piece of encryption configuration variable information. 
In one embodiment, for each piece of encryption configuration variable information, the cloud platform 100 obtains a plurality of temporary encryption response policies of the first encryption response policy according to the first encryption response policy corresponding to the previous piece of encryption configuration variable information, where each temporary encryption response policy is used for indicating a reference encryption response behavior of the current piece of encryption configuration variable information. The cloud platform 100 obtains the authentication attribute of each reference encryption response behavior from the ciphertext verification item attribute of the current piece of encryption configuration variable information, determines a second encryption response policy from the plurality of temporary encryption response policies according to the authentication attribute of each reference encryption response behavior, and uses the second encryption response policy as the encryption response policy of the current piece of encryption configuration variable information. The encryption response state component of the second encryption response policy is the authentication attribute of the corresponding reference encryption response behavior. In an embodiment, the cross-domain encryption ranges of the first encryption response policy and the second encryption response policy are not limited. For example, the cloud platform 100 may use all the temporary encryption response policies as the second encryption response policy, or may screen out the second encryption response policies of the sixth target cross-domain encryption range from the plurality of temporary encryption response policies, for example, screen out the 15 second encryption response policies whose encryption response behaviors have authenticity heat values ranked in the top 15.
For example, the encryption response policy corresponding to each piece of encryption configuration variable information may be referred to as an active encryption response policy of the piece of encryption configuration variable information, and when the cloud platform 100 walks out of the active encryption response policies of the x pieces of encryption configuration variable information, the cloud platform 100 may place the active encryption response policies corresponding to the x pieces of encryption configuration variable information in an active encryption response policy list and continue to walk out of the temporary encryption response policy of each first encryption response policy, for example, the first encryption response policy may correspond to 3 temporary encryption response policies, so as to finally determine the second encryption response policy of the x +1 pieces of encryption configuration variable information.
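The windowing of S2022 and the expand-then-screen step of S2024, as an added Python example that is not taken from the patent. The behaviour labels, the toy scoring function standing in for the ciphertext verification item attribute model, the truncated windows at the tail, and the additive path score are all assumptions; the sample items are constructed.

```python
from typing import Callable, Dict, List, Sequence, Tuple

Attribute = Dict[str, float]            # reference behaviour -> authentication attribute
Policy = Tuple[Tuple[str, ...], float]  # (behaviour chosen for each piece so far, path score)

BEHAVIOURS = ("accept", "challenge", "reject")  # hypothetical labels, not from the patent


def window_sequences(items: Sequence[str], k: int) -> List[List[str]]:
    """S2022: the sequence of piece i is piece i plus the k-1 pieces after it.

    The text does not say what happens when fewer than k-1 pieces follow;
    this example truncates the window there (assumption).
    """
    if k < 1:
        raise ValueError("k must be at least 1")
    return [list(items[i:i + k]) for i in range(len(items))]


def toy_attribute_model(window: Sequence[str]) -> Attribute:
    """Stand-in for the attribute model: the share of items in the window
    that mention each behaviour (assumption, for illustration only)."""
    return {b: sum(b in item for item in window) / len(window) for b in BEHAVIOURS}


def piece_attributes(items: Sequence[str], k: int,
                     model: Callable[[Sequence[str]], Attribute] = toy_attribute_model
                     ) -> List[Attribute]:
    """S2023: each piece inherits the attribute of the sequence it heads."""
    return [model(window) for window in window_sequences(items, k)]


def expand_and_prune(attributes: Sequence[Attribute], keep: int) -> List[Policy]:
    """S2024: extend every active policy by every reference behaviour of the
    current piece (the temporary policies), then keep only the `keep` best.

    Ranking by the running sum of authentication attributes is an assumption;
    the text only says the policies are screened by authentication attribute.
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    active: List[Policy] = [((), 0.0)]
    for attr in attributes:
        temporary = [(path + (behaviour,), score + value)
                     for path, score in active
                     for behaviour, value in attr.items()]
        temporary.sort(key=lambda policy: policy[1], reverse=True)
        active = temporary[:keep]
    return active


# Constructed verification items, one per piece of variable information.
ITEMS = ["accept token", "accept token", "accept renew",
         "reject replay", "reject expired", "reject revoked"]


def demo() -> Policy:
    """Best surviving policy for ITEMS with k=3 and a list of 15 policies."""
    return expand_and_prune(piece_attributes(ITEMS, k=3), keep=15)[0]


if __name__ == "__main__":
    path, score = demo()
    for item, behaviour in zip(ITEMS, path):
        print(f"{item!r:18} -> {behaviour}")
    print(f"path score: {score:.3f}")
```

The third item mentions only "accept" but is labelled "reject", because its attribute comes from the look-ahead window it heads rather than from the item alone.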
S2025, the cloud platform 100 determines, according to the multiple encryption response behaviors of the multiple pieces of encryption configuration variable information, an encryption authentication response message or an encryption authentication response message sequence corresponding to the multiple pieces of encryption configuration variable information.
The cloud platform 100 determines an encryption response policy corresponding to a plurality of pieces of encryption configuration variable information and an encryption response state component of the encryption response policy, and the cloud platform 100 walks from a key encryption response policy corresponding to a first piece of encryption configuration variable information to a non-key encryption response policy corresponding to a last piece of encryption configuration variable information according to the encryption response state component of the encryption response policy to obtain a plurality of pieces of reference response data, and takes an encryption response state component with the highest response frequency corresponding to the encryption response state component in the plurality of pieces of reference response data as a target encryption response state component. The cloud platform 100 uses the encryption response behaviors corresponding to the encryption response policies in the target encryption response state component as a plurality of encryption response behaviors of the first network authentication encryption configuration information. When the plurality of encrypted response behaviors satisfy the first behavior feature, the cloud platform 100 may further analyze, based on the authentication attribute analysis model, the authentication attributes of the plurality of reference encrypted authentication response messages corresponding to the plurality of encrypted response behaviors. 
The first behavior feature may be that the plurality of encryption response behaviors may correspond to a reliability compliance condition, and the cloud platform 100 determines, according to the authentication attributes of the plurality of reference encryption authentication response messages, resolution information of the first network authentication encryption configuration information, that is, an encryption authentication response message sequence or a single encryption authentication response message corresponding to the plurality of pieces of encryption configuration variable information. The authentication attribute analysis model may be a convolutional neural network model, a forward feedback neural network model, or a decision tree model, and the embodiment of the present invention is not particularly limited to this.
It should be noted that, in order to describe the above S2021 to S2025 more clearly, the flow of S2021 to S2025 is further described as follows. For example, the actual security configuration firewall splits the target network authentication encryption configuration resource of the user into a plurality of groups of network authentication encryption configuration information, sends the network authentication encryption configuration information to the cloud platform 100, and determines whether the network authentication encryption configuration information has been uploaded to the end; if so, it stops uploading. The cloud platform 100 acquires the multiple groups of network authentication and encryption configuration information uploaded by the actual security configuration firewall. For each group of network authentication and encryption configuration information, the cloud platform 100 identifies the encryption configuration variable information in the group as multiple pieces of encryption configuration variable information according to the target encryption configuration state and the target update information, and extracts a ciphertext verification item for each piece of encryption configuration variable information. Based on the multiple encryption configuration variable information sequences where the multiple pieces of encryption configuration variable information in the network authentication and encryption configuration information are located, the cloud platform 100 determines the ciphertext verification item attribute of each piece of encryption configuration variable information through the ciphertext verification item attribute model. It then determines the encryption response behavior of each piece of encryption configuration variable information based on the ciphertext verification item attribute of each piece of encryption configuration variable information and a mode of querying corresponding to a wandering encryption response strategy, and analyzes a model tag by combining the authentication attributes in the querying process to determine an encryption configuration instruction corresponding to the multiple pieces of encryption configuration variable information in the network authentication and encryption configuration information. In addition, the cloud platform 100 may also dynamically calculate the size of the network authentication encryption configuration information in real time according to the manner of S201. By reasonably configuring the size of each group of network authentication encryption configuration information, the problem of low encryption configuration efficiency caused by an unreasonable size of the encryption configuration range of the network authentication encryption configuration information is solved, and the feedback efficiency of each group of network authentication encryption configuration information can be effectively improved.
S203, the cloud platform 100 determines, based on the virtual encryption lock of each piece of encryption configuration variable information included in the second network authentication encryption configuration information and the first network authentication encryption configuration information, a first encryption configuration template of the network authentication encryption configuration resource recorded in the second network authentication encryption configuration information and a second encryption configuration template of the network authentication encryption configuration resource recorded in the first network authentication encryption configuration information.
In one embodiment, the encryption configuration template is used to indicate a configuration type of a network authentication encryption configuration resource.
In one embodiment, for the second network authentication encryption configuration information, the cloud platform 100 may also determine, according to the target encryption configuration state and the target update information, a plurality of pieces of encryption configuration variable information included in the second network authentication encryption configuration information. The cloud platform 100 may determine the encryption configuration template of the second network authentication encryption configuration information according to the virtual encryption lock of each piece of encryption configuration variable information included in the second network authentication encryption configuration information. For the first network authentication encryption configuration information, the cloud platform 100 may also determine an encryption configuration template of the first network authentication encryption configuration information according to the virtual encryption lock of each piece of encryption configuration variable information included in the first network authentication encryption configuration information.
In one embodiment, the cloud platform 100 may further represent an encryption configuration template of the first network authentication encryption configuration information in combination with an associated encryption lock between the first network authentication encryption configuration information and the second network authentication encryption configuration information. The process may include: the cloud platform 100 obtains a second encryption configuration template of the network authentication encryption configuration resource recorded by the first network authentication encryption configuration information according to the associated encryption lock between the first network authentication encryption configuration information and the second network authentication encryption configuration information and the virtual encryption lock of each piece of encryption configuration variable information in the first network authentication encryption configuration information. The associated encryption lock is used for indicating the association information of the virtual encryption lock of the encryption configuration variable information in the first network authentication encryption configuration information with respect to the virtual encryption lock of the encryption configuration variable information in the second network authentication encryption configuration information. In one embodiment, the cloud platform 100 may represent the associated encryption lock between the first network authentication encryption configuration information and the second network authentication encryption configuration information by the ordering of the first network authentication encryption configuration information in the plurality of sets of network authentication encryption configuration information.
The cloud platform 100 may obtain the ordering of the first network authentication encryption configuration information in the plurality of sets of network authentication encryption configuration information; the cloud platform 100 obtains a second encryption configuration template of the network authentication encryption configuration resource recorded by the first network authentication encryption configuration information according to the virtual encryption lock of each piece of encryption configuration variable information in the first network authentication encryption configuration information and the ordering of the first network authentication encryption configuration information in the plurality of sets of network authentication encryption configuration information. The ordering is used for indicating the associated encryption lock between the first network authentication encryption configuration information and the second network authentication encryption configuration information. The later the first network authentication encryption configuration information is ordered, the higher the reliability of the associated encryption lock between the first network authentication encryption configuration information and the second network authentication encryption configuration information; the earlier the first network authentication encryption configuration information is ordered, the lower the reliability of the associated encryption lock between it and the second network authentication encryption configuration information.
The ranking of the first network authentication encryption configuration information is used for indicating the association information of the second encryption configuration information on the virtual encryption lock of the encryption configuration variable information in the second network authentication encryption configuration information, the more the first network authentication encryption configuration information is ranked, the greater the influence of the first network authentication encryption configuration information on the virtual encryption lock of the encryption configuration variable information in the second network authentication encryption configuration information is, for example, the second network authentication encryption configuration information in the two groups of network authentication encryption configuration information is close to the encryption configuration template size of at least the penultimate group of network authentication encryption configuration information, and the association information of the penultimate group of network authentication encryption configuration information on the second network authentication encryption configuration information is larger than the penultimate group of network authentication encryption configuration information.
In another embodiment, the cloud platform 100 may also determine, in combination with a plurality of associated encryption locks between the first network authentication encryption configuration information and the second network authentication encryption configuration information, an encryption configuration template of the network authentication encryption configuration resource recorded in the second network authentication encryption configuration information. In a specific example, the cloud platform 100 obtains the ordering of each first network authentication encryption configuration information in the plurality of sets of network authentication encryption configuration information, and determines a first encryption configuration template of the network authentication encryption configuration resource recorded by the second network authentication encryption configuration information according to the ordering of the plurality of first network authentication encryption configuration information and the virtual encryption lock of each piece of encryption configuration variable information in the second network authentication encryption configuration information.
In an embodiment, the cloud platform 100 may receive, in real time, network authentication encryption configuration information sent by an actual security configuration firewall, and determine whether the currently obtained network authentication encryption configuration information is second network authentication encryption configuration information, if the currently obtained network authentication encryption configuration information is the second network authentication encryption configuration information, a first encryption configuration template of the second network authentication encryption configuration information is obtained corresponding to the step, otherwise, a second encryption configuration template of the first network authentication encryption configuration information is obtained corresponding to the step. For example, when the cloud platform 100 parses the end request from the currently acquired network authentication encryption configuration information, the cloud platform 100 determines that the currently acquired network authentication encryption configuration information is the last network authentication encryption configuration information, that is, the second network authentication encryption configuration information. 
It should be noted that the cloud platform 100 may determine the encryption configuration template of the second network authentication encryption configuration information or the first network authentication encryption configuration information based on the associated encryption lock between the first network authentication encryption configuration information and the second network authentication encryption configuration information, and the virtual encryption lock combined with the encryption configuration variable information in the network authentication encryption configuration information, so that the encryption configuration template of the first network authentication encryption configuration information may represent the associated information of the first network authentication encryption configuration information to the second network authentication encryption configuration information. The more similar the first network authentication encryption configuration information and the second network authentication encryption configuration information, the greater the influence on the second network authentication encryption configuration information, and the encryption configuration template determining mode of the step can well embody the strategy rationality of each network authentication encryption configuration information and the associated encryption lock between the first network authentication encryption configuration information and the second network authentication encryption configuration information, thereby improving the accuracy of subsequently determining the whole template matching rule information and further improving the accuracy of encryption configuration.
S204, the cloud platform 100 determines, based on the template related information between the first encryption configuration template and the second encryption configuration template, the whole template matching rule information of the second network authentication encryption configuration information.
In one embodiment, the whole template matching rule information is used to indicate that the second network authentication encryption configuration information records the configuration integrity of a whole network authentication encryption configuration resource, where the whole network authentication encryption configuration resource refers to a network authentication encryption configuration resource other than a special network authentication encryption configuration resource. In one embodiment, when the matching degree difference between the first encryption configuration template and the second encryption configuration template is smaller than the target preset rule correlation degree, the cloud platform 100 determines that the overall template matching rule information indicates that the second network authentication encryption configuration information records an overall network authentication encryption configuration resource. When the matching degree difference between the first encryption configuration template and the second encryption configuration template is greater than the target preset rule correlation degree, the cloud platform 100 determines that the overall template matching rule information may indicate that the second network authentication encryption configuration information does not record the overall network authentication encryption configuration resource. The target preset rule relevance may be set based on needs, which is not specifically limited in the embodiment of the present invention.
In one embodiment, the first network authentication encryption configuration information may have a plurality of cross-domain encryption ranges, and the cloud platform 100 may further determine the overall template matching rule information based on a key encryption configuration template of the plurality of first network authentication encryption configuration information, where the overall template matching rule information may be in the form of text, and the process may include: the cloud platform 100 determines a plurality of key encryption configuration templates corresponding to the first network authentication encryption configuration information according to a second encryption configuration template of the network authentication encryption configuration resource recorded by each first network authentication encryption configuration information; the cloud platform 100 may determine, according to the key encryption configuration template and the first encryption configuration template, relevant matching rule information of the first encryption configuration template relative to the first encryption configuration template and template relevant information of the key encryption configuration template, and determine the relevant matching rule information as the overall template matching rule information.
It should be noted that, the size of the overall template matching rule information indicates that the second network authentication encryption configuration information includes the configuration integrity of the overall network authentication encryption configuration resource, and the cloud platform 100 may continue to determine the encryption configuration instruction of the target network authentication encryption configuration resource based on the overall template matching rule information through the following processes of S205-S206.
It should be noted that S203-S204 are one possible implementation manner of the step "the cloud platform 100 determines the whole template matching rule information of the second network authentication encryption configuration information in the multiple sets of network authentication encryption configuration information based on the encryption configuration template of the network authentication encryption configuration resource recorded by each set of network authentication encryption configuration information", and S203-S204 are a first encryption configuration template that acquires the second network authentication encryption configuration information and a second encryption configuration template that acquires the first network authentication encryption configuration information, respectively, and determine the whole template matching rule information based on the template related information of the two encryption configuration templates. In another possible implementation, the cloud platform 100 may further obtain a first encryption configuration template of the second network authentication encryption configuration information and a third encryption configuration template of the penultimate network authentication encryption configuration information, and determine the overall template matching rule information based on the template-related information of the first encryption configuration template and the third encryption configuration template. Of course, the embodiment of the present invention may also determine the overall template matching rule information in other manners, for example, the cloud platform 100 may also determine the overall template matching rule information by combining the fourth encryption configuration template of the penultimate group of network authentication encryption configuration information and the template related information of the first encryption configuration template.
S205, when the overall template matching rule information of the second network authentication encryption configuration information satisfies the second behavior feature, the cloud platform 100 determines the encryption configuration instruction of the target network authentication encryption configuration resource based on the first network authentication encryption configuration information in the multiple sets of network authentication encryption configuration information.
The second behavior feature includes at least one of the following: the overall template matching rule information indicates that the second network authentication encryption configuration information does not record the overall network authentication encryption configuration resource; or the rule correlation degree corresponding to the overall template matching rule information is smaller than the first preset rule correlation degree. In one embodiment, when the overall template matching rule information satisfies the second behavior feature, the cloud platform 100 may directly discard the second network authentication encryption configuration information. The cloud platform 100 may then determine, according to the encryption authentication response messages corresponding to the plurality of pieces of first network authentication encryption configuration information, the encryption configuration instruction corresponding to the target network authentication encryption configuration resource.
S206, when the overall template matching rule information of the second network authentication encryption configuration information satisfies the third behavior feature, the cloud platform 100 determines the encryption configuration instruction of the target network authentication encryption configuration resource based on the second network authentication encryption configuration information and the first network authentication encryption configuration information.
The third behavior feature includes at least one of the following: the overall template matching rule information indicates that the second network authentication encryption configuration information records the overall network authentication encryption configuration resource; or the rule correlation degree corresponding to the overall template matching rule information is not less than the first preset rule correlation degree. When the overall template matching rule information satisfies the third behavior feature, the cloud platform 100 may obtain, according to the overall template matching rule information of the second network authentication encryption configuration information, a plurality of encryption response behaviors corresponding to the network authentication encryption configuration resource recorded in the second network authentication encryption configuration information. The cloud platform 100 may then determine the encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to the encryption authentication response messages corresponding to the plurality of encryption response behaviors and the encryption authentication response messages corresponding to the first network authentication encryption configuration information.
In one embodiment, the overall template matching rule information records the possibility of the overall network authentication encryption configuration resource for the second network authentication encryption configuration information; when the rule correlation degree corresponding to the entire template matching rule information is not less than a second preset rule correlation degree, the cloud platform 100 may determine a plurality of reference encryption response behaviors corresponding to the network authentication encryption configuration resource recorded in the second network authentication encryption configuration information as a plurality of encryption response behaviors corresponding to the second network authentication encryption configuration information, where the second preset rule correlation degree is greater than the first preset rule correlation degree; when the rule correlation degree corresponding to the entire template matching rule information is greater than the first preset rule correlation degree and less than the second preset rule correlation degree, the cloud platform 100 may screen out, according to the entire template matching rule information, a reference encryption response behavior of a third target cross-domain encryption range from a plurality of reference encryption response behaviors corresponding to the network authentication encryption configuration resource recorded in the second network authentication encryption configuration information as a plurality of encryption response behaviors corresponding to the second network authentication encryption configuration information. The first preset rule relevance degree and the second preset rule relevance degree may be set based on needs, which is not specifically limited in the embodiment of the present invention.
In one embodiment, the screening process may include: when the rule correlation degree corresponding to the entire template matching rule information is greater than the first preset rule correlation degree and less than the second preset rule correlation degree, the cloud platform 100 may obtain a ciphertext verification item attribute of the encryption configuration variable information in the second network authentication encryption configuration information, where the ciphertext verification item attribute is used to indicate a possibility that each reference encryption response behavior is a key encryption response behavior corresponding to the network authentication encryption configuration resource recorded by the encryption configuration variable information; the cloud platform 100 may determine a third target cross-domain encryption range of the multiple encrypted response behaviors according to the entire template matching rule information and the maximum reserved cross-domain encryption range of the multiple reference encrypted response behaviors; the cloud platform 100 may screen out an encryption response behavior of a third target cross-domain encryption range in which the ciphertext verification item attribute satisfies a fourth behavior from the plurality of reference encryption response behaviors.
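The banded decision of S205-S206 and the screening step above, written out as an added sketch (not code from the patent). It assumes the rule correlation degree is a score in [0, 1], uses constructed threshold values, and assumes the retained count scales linearly with the score; the patent leaves all three unspecified, and every name below is hypothetical.

```python
"""Added illustration of the S205/S206 decision; not code from the patent."""
from dataclasses import dataclass
from math import ceil

# Assumed values: the patent only says both thresholds are "set based on needs"
# and that the second preset is greater than the first.
FIRST_PRESET = 0.4    # first preset rule correlation degree
SECOND_PRESET = 0.8   # second preset rule correlation degree


@dataclass(frozen=True)
class ReferenceBehavior:
    """One reference encryption response behavior of the last group."""
    name: str
    likelihood: float  # "ciphertext verification item attribute", assumed 0..1


def retained_count(correlation: float, max_reserved: int) -> int:
    """How many reference behaviors survive screening.

    Assumption: the count grows linearly with the correlation degree, is at
    least 1 and never exceeds the maximum reserved count. The patent only says
    the count depends on these two inputs.
    """
    return max(1, min(max_reserved, ceil(correlation * max_reserved)))


def select_behaviors(correlation, records_overall, candidates, max_reserved):
    """Return (decision, kept_behaviors) for the last configuration group.

    correlation      rule correlation degree of the overall template matching
                     rule information
    records_overall  whether that information indicates the last group records
                     the overall configuration resource
    """
    if not 0.0 <= correlation <= 1.0:
        raise ValueError("correlation degree must be within [0, 1]")
    if max_reserved < 1:
        raise ValueError("max_reserved must be at least 1")

    # Second behavior feature (S205): either condition alone is sufficient.
    # The two features overlap when only one condition holds; checking S205
    # first is an assumption of this sketch.
    if not records_overall or correlation < FIRST_PRESET:
        return "discard_last_group", []

    # Third behavior feature (S206), upper band: keep every reference behavior.
    if correlation >= SECOND_PRESET:
        return "keep_all", list(candidates)

    # Middle band: keep only the most likely behaviors. The text defines this
    # band as strictly greater than the first preset; a score exactly equal to
    # it is treated as screening here (assumption).
    k = retained_count(correlation, max_reserved)
    ranked = sorted(candidates, key=lambda b: b.likelihood, reverse=True)
    return "screen", ranked[:k]


def instruction_inputs(first_group_messages, decision, kept):
    """Messages that feed the encryption configuration instruction."""
    if decision == "discard_last_group":
        return list(first_group_messages)            # S205: first groups only
    return list(first_group_messages) + [b.name for b in kept]   # S206


# Constructed sample data, not taken from the patent.
SAMPLE = [
    ReferenceBehavior("A", 0.9),
    ReferenceBehavior("B", 0.2),
    ReferenceBehavior("C", 0.7),
    ReferenceBehavior("D", 0.5),
]

if __name__ == "__main__":
    for score, overall in [(0.3, True), (0.5, True), (0.85, True), (0.9, False)]:
        decision, kept = select_behaviors(score, overall, SAMPLE, max_reserved=4)
        print(score, overall, decision, [b.name for b in kept])
```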
In one embodiment, the second network authentication encryption configuration information may include a plurality of pieces of encryption configuration variable information. The cloud platform 100 may obtain the ciphertext verification item attribute of each piece of encryption configuration variable information in the second network authentication encryption configuration information. The process may include: the cloud platform 100 may further identify the second network authentication encryption configuration information as fourth target cross-domain encryption range bar encryption configuration variable information according to the target update information and the target encryption configuration state; for each piece of encryption configuration variable information, the cloud platform 100 may determine, according to the adjacent encryption configuration variable information of the encryption configuration variable information, an encryption configuration variable information sequence in which the encryption configuration variable information is located, to obtain a service encryption configuration variable information sequence of a first target cross-domain encryption range, where each encryption configuration variable information sequence includes a plurality of adjacent pieces of encryption configuration variable information; the cloud platform 100 may determine, according to the encryption configuration variable information sequence of the first target cross-domain encryption range, a ciphertext verification item attribute of each piece of encryption configuration variable information in the second network authentication encryption configuration information.
In one embodiment, for each piece of encryption configuration variable information in the second network authentication encryption configuration information, the cloud platform 100 may use an encryption response behavior of each piece of encryption configuration variable information in the second network authentication encryption configuration information as one encryption response policy, and use an authentication attribute of the encryption response behavior as an encryption response state component between the encryption response policies. The cloud platform 100 obtains a plurality of temporary encryption response policies of the third encryption response policy according to a third encryption response policy corresponding to a previous piece of encryption configuration variable information of the piece of encryption configuration variable information, each temporary encryption response policy is used for indicating a reference encryption response behavior of the current piece of encryption configuration variable information, the cloud platform 100 obtains authentication attributes of the plurality of reference encryption response behaviors from a ciphertext verification item attribute of the current piece of encryption configuration variable information, determines a fourth encryption response policy from the plurality of temporary encryption response policies according to the authentication attributes of the plurality of reference encryption response behaviors, uses the fourth encryption response policy as an encryption response policy of the current piece of encryption configuration variable information, and an encryption response state component of the fourth encryption response policy is the authentication attribute of the corresponding reference encryption response behavior. The cloud platform 100 may adjust the cross-domain encryption range of the fourth encryption response policy according to the size of the entire template matching rule information. 
For example, the cloud platform 100 may obtain the maximum encryption response policy cross-domain encryption range allowed to be reserved, that is, the maximum reserved cross-domain encryption ranges of the multiple reference encryption response behaviors, and determine the sixth target cross-domain encryption range of the fourth encryption response policy according to the maximum encryption response policy cross-domain encryption range and the overall template matching rule information.
For each piece of encryption configuration variable information in the second network authentication encryption configuration information, the cloud platform 100 determines an encryption response policy corresponding to the plurality of pieces of encryption configuration variable information and an encryption response state component of the encryption response policy, and the cloud platform 100 walks from a key encryption response policy corresponding to the first piece of encryption configuration variable information to a non-key encryption response policy corresponding to the last piece of encryption configuration variable information according to the encryption response state component of the encryption response policy, walks out a plurality of pieces of reference response data, and takes an encryption response state component with the largest encryption response state component in the plurality of pieces of reference response data as a target encryption response state component. The cloud platform 100 uses the encryption response behavior corresponding to each encryption response policy in the target encryption response state component as a plurality of encryption response behaviors of the second network authentication encryption configuration information. 
When the plurality of encryption response behaviors satisfy the first behavior feature, the cloud platform 100 may further analyze, based on the authentication attribute analysis model, authentication attributes of a plurality of reference encryption authentication response messages corresponding to the plurality of encryption response behaviors, and determine analysis information of the second network authentication encryption configuration information according to the authentication attributes of the plurality of reference encryption authentication response messages, that is, an encryption authentication response message sequence or a single encryption authentication response message corresponding to the second network authentication encryption configuration information.
In an embodiment, to describe the processes of S201 to S206 in more detail, the overall process of the embodiment of the present invention is described using another example, in which the cloud platform 100 and an actual security configuration firewall update synchronously to perform encryption configuration. When the actual security configuration firewall collects encryption configuration variable information, it may dynamically calculate a target encryption configuration range of the network authentication encryption configuration information, include the encryption configuration variable information according to that target encryption configuration range, and send the resulting network authentication encryption configuration information to the cloud platform 100 in real time. The cloud platform 100 receives, in real time, the network authentication encryption configuration information uploaded by the actual security configuration firewall; there are multiple cross-domain encryption ranges of the network authentication encryption configuration information. The cloud platform 100 analyzes each group of network authentication encryption configuration information and determines whether the currently acquired encryption configuration information is the second network authentication encryption configuration information, that is, whether it is the last network authentication encryption configuration information.
For each first network authentication encryption configuration information, that is, the network authentication encryption configuration information except the last network authentication encryption configuration information, the cloud platform 100 may obtain an encryption configuration template of the first network authentication encryption configuration information, and perform encryption configuration on the first network authentication encryption configuration information through processes of splitting processing, ciphertext verification item extraction, ciphertext verification item attribute, encryption response state component extension, and the like, to determine an encryption authentication response message corresponding to each first network authentication encryption configuration information. For the second network authentication encryption configuration information, the cloud platform 100 acquires the whole template matching rule information of the second network authentication encryption configuration information based on the encryption configuration template of the first network authentication encryption configuration information and the encryption configuration template of the second network authentication encryption configuration information, and according to the whole template matching rule information, the cloud platform 100 determines the encryption configuration instruction of the target network authentication encryption configuration resource based on the first network authentication encryption configuration information in the multiple sets of network authentication encryption configuration information, or the second network authentication encryption configuration information and the first network authentication encryption configuration information, so as to ensure the efficiency of encryption configuration on the premise of accurately analyzing the analysis information of the target network authentication encryption configuration resource.
In one embodiment, the overall template matching rule information of the second network authentication encryption configuration information is determined based on the encryption configuration template of the network authentication encryption configuration resource recorded by each group of network authentication encryption configuration information, and the configuration integrity with which the second network authentication encryption configuration information records the overall network authentication encryption configuration resource is obtained from that overall template matching rule information. When the overall template matching rule information satisfies the second behavior feature, encryption configuration is performed based only on the first network authentication encryption configuration information, which reduces the number of pieces of network authentication encryption configuration information participating in encryption configuration and the time consumed by information processing. Because encryption configuration is carried out based on the overall template matching rule information, the inaccurate identification and low reliability that would result from directly deleting the second network authentication encryption configuration information are avoided, and encryption configuration efficiency is improved while the accuracy of the encryption configuration is ensured.
In some optional embodiments, there is further provided an encryption configuration method in combination with big data, where an execution subject of the embodiment of the present invention is a cloud platform 100, and the method includes:
S301, the cloud platform 100 acquires multiple groups of network authentication encryption configuration information, and the multiple groups of network authentication encryption configuration information are used for recording target network authentication encryption configuration resources.
In an embodiment, the target network authentication encryption configuration resource may be a network authentication encryption configuration resource obtained when a user interacts with a service, and the multiple sets of network authentication encryption configuration information include encryption configuration variable information corresponding to the target network authentication encryption configuration resource. The implementation of this step is the same as the process of S201, and is not described in detail here.
S302, the cloud platform 100 determines, based on the encryption configuration template of the network authentication encryption configuration resource recorded in each set of network authentication encryption configuration information, overall template matching rule information of second network authentication encryption configuration information in the plurality of sets of network authentication encryption configuration information.
In one embodiment, the second network authentication encryption configuration information is last network authentication encryption configuration information in the multiple sets of network authentication encryption configuration information, the overall template matching rule information is used for indicating the second network authentication encryption configuration information to record the configuration integrity of overall network authentication encryption configuration resources, and the overall network authentication encryption configuration resources refer to network authentication encryption configuration resources other than special network authentication encryption configuration resources. In one embodiment, the cloud platform 100 may determine, based on the virtual dongle of each piece of encryption configuration variable information included in the second network authentication encryption configuration information and the first network authentication encryption configuration information, a first encryption configuration template of a network authentication encryption configuration resource recorded in the second network authentication encryption configuration information and a second encryption configuration template of a network authentication encryption configuration resource recorded in the first network authentication encryption configuration information. The cloud platform 100 may determine overall template matching rule information of the second network authentication encryption configuration information based on template-related information between the first encryption configuration template and the second encryption configuration template. The implementation of this step is the same as the process of S203-S204, and is not described herein again.
S303, when the overall template matching rule information of the second network authentication encryption configuration information satisfies the second behavior feature, the cloud platform 100 determines, based on the first network authentication encryption configuration information in the multiple sets of network authentication encryption configuration information, an encryption configuration instruction of the target network authentication encryption configuration resource.
In one embodiment, the first network authentication encryption configuration information is the network authentication encryption configuration information other than the last network authentication encryption configuration information in the plurality of sets of network authentication encryption configuration information. The second behavior feature includes at least one of the following: the overall template matching rule information indicates that the second network authentication encryption configuration information does not record the overall network authentication encryption configuration resource; or the rule correlation degree corresponding to the overall template matching rule information is smaller than the first preset rule correlation degree. In one embodiment, when the overall template matching rule information satisfies the second behavior feature, the cloud platform 100 may directly discard the second network authentication encryption configuration information. The cloud platform 100 may then determine, according to the encryption authentication response messages corresponding to the multiple pieces of first network authentication encryption configuration information, the encryption configuration instruction corresponding to the target network authentication encryption configuration resource. In another embodiment, when the overall template matching rule information of the second network authentication encryption configuration information satisfies the third behavior feature, the cloud platform 100 determines the encryption configuration instruction of the target network authentication encryption configuration resource based on the second network authentication encryption configuration information and the first network authentication encryption configuration information.
The third behavior feature includes at least one of the following: the overall template matching rule information indicates that the second network authentication encryption configuration information records the overall network authentication encryption configuration resource; or the rule correlation degree corresponding to the overall template matching rule information is not less than the first preset rule correlation degree. When the overall template matching rule information satisfies the third behavior feature, the cloud platform 100 may obtain, according to the overall template matching rule information of the second network authentication encryption configuration information, a plurality of encryption response behaviors corresponding to the network authentication encryption configuration resource recorded in the second network authentication encryption configuration information. The cloud platform 100 may then determine the encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to the encryption authentication response messages corresponding to the plurality of encryption response behaviors and the encryption authentication response messages corresponding to the first network authentication encryption configuration information. The implementation of this step is the same as the process of S205-S206, and is not described herein again.
In one embodiment, the overall template matching rule information of the second network authentication encryption configuration information is determined based on the encryption configuration template of the network authentication encryption configuration resource recorded by each group of network authentication encryption configuration information, and the configuration integrity with which the second network authentication encryption configuration information records the overall network authentication encryption configuration resource is obtained from that overall template matching rule information. When the overall template matching rule information satisfies the second behavior feature, encryption configuration is performed based only on the first network authentication encryption configuration information, which reduces the number of pieces of network authentication encryption configuration information participating in encryption configuration and the time consumed by information analysis. Because encryption configuration is carried out based on the overall template matching rule information, the inaccurate identification and low reliability that would result from directly deleting the second network authentication encryption configuration information are avoided, and encryption configuration efficiency is improved while the accuracy of the encryption configuration is ensured.
Fig. 3 is a schematic diagram of functional modules of an intelligent remote network resource interworking deployment device 300 according to an embodiment of the present invention, and this embodiment can divide the functional modules of the intelligent remote network resource interworking deployment device 300 according to a method embodiment executed by the cloud platform 100, that is, the following functional modules corresponding to the intelligent remote network resource interworking deployment device 300 can be used to execute each method embodiment executed by the cloud platform 100. The functions of the functional modules of the intelligent allopatric network resource interworking deployment device 300 are described in detail below.
An obtaining module 310, configured to obtain network service terminal information bound to each service user, where the network service terminal information includes service topology information of a main network service terminal and a sub-network service terminal;
the issuing module 320 is configured to acquire network authentication information configured by the main network service terminal, and issue the network authentication information to the sub-network service terminal according to the service topology information, so that the sub-network service terminal and the main network service terminal establish a network security channel;
the establishing module 330 is configured to, when acquiring an authenticated user login request sent by a target computer terminal via a target sub-network service terminal, acquire an authentication certificate corresponding to the authenticated user login request, and establish a network security channel between the target computer terminal and the main network service terminal according to the authentication certificate, so that the target computer terminal is connected to a network resource of the main network service terminal through the network security channel;
a distributing module 340, configured to, when the IP address of the main network service terminal is updated, obtain network authentication update information sent by the main network service terminal, and distribute the network authentication update information to the sub-network service terminals.
It should be noted that the division of the above apparatus into modules is only a logical division; in actual implementation the modules may be wholly or partially integrated into one physical entity, or may be physically separated. These modules may all be implemented as software called by a processing element, or all be implemented in hardware; alternatively, some modules may be implemented as software called by a processing element and others in hardware. For example, the obtaining module 310 may be a separately provided processing element, or may be integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, with a processing element of the apparatus calling and executing the functions of the obtaining module 310. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be implemented independently. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or by instructions in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as one or more Application Specific Integrated Circuits (ASICs), one or more Digital Signal Processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when some of the above modules are implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor that can call program code. As another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 4 is a schematic diagram illustrating a hardware structure of the cloud platform 100 for implementing the foregoing intelligent remote network resource interworking deployment method according to an embodiment of the present invention, and as shown in fig. 4, the cloud platform 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.
In a specific implementation process, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120, so that the processor 110 may execute the intelligent remote network resource interworking deployment method according to the above method embodiment, where the processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control a transceiving action of the transceiver 140, so as to perform data transceiving with the network service terminal 200.
For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the cloud platform 100, and implementation principles and technical effects are similar, which are not described herein again.
In the embodiment shown in fig. 4, it should be understood that the processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general-purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of hardware and software modules.
The machine-readable storage medium 120 may comprise high-speed RAM, and may also include non-volatile memory (NVM), such as at least one disk memory.
The bus 130 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus 130 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, the buses in the figures of the present invention are not limited to only one bus or one type of bus.
In addition, an embodiment of the present invention further provides a readable storage medium that stores computer-executable instructions; when a processor executes the computer-executable instructions, the above intelligent remote network resource interworking deployment method is implemented.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, though not explicitly described herein. Such modifications, improvements and adaptations are suggested by the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the specification. Terms such as "one embodiment," "one possible example," and/or "exemplary" mean that a particular feature, structure, or characteristic is included in at least one embodiment of the specification. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment," "a possible example," and/or "exemplary" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, certain features, structures, or characteristics may be combined as suitable in one or more embodiments of the specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments described herein. Other variations are also possible within the scope of this description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those explicitly described and depicted herein.

Claims (9)

1. An intelligent remote network resource intercommunication deployment method, applied to a cloud platform that is in communication connection with a plurality of network service terminals, the method comprising the following steps:
the cloud platform acquires network service terminal information bound by each service user, wherein the network service terminal information comprises service topology information of a main network service terminal and a sub-network service terminal;
the cloud platform acquires network authentication information configured by the main network service terminal and issues the network authentication information to the sub-network service terminal according to the service topology information;
when an authentication user login request sent by a target computer terminal through a target sub-network service terminal is obtained, network authentication information corresponding to the authentication user login request is obtained, and a network security channel between the target computer terminal and the main network service terminal is established according to the network authentication information, so that the target computer terminal is connected with network resources of the main network service terminal through the network security channel, wherein the network security channel adopts a VPN channel;
when the IP address of the main network service terminal is updated, acquiring network authentication update information sent by the main network service terminal, and distributing the network authentication update information to the sub-network service terminals;
the method further comprises the following steps:
carrying out encryption configuration on the configured network authentication information;
wherein, the step of carrying out encryption configuration on the configured network authentication information comprises the following steps:
acquiring corresponding network authentication encryption configuration information according to the network authentication information, performing encryption configuration variable information identification on the network authentication encryption configuration information, and performing ciphertext verification project analysis on the acquired encryption configuration variable information to obtain a ciphertext verification project attribute of the encryption configuration variable information; the network authentication encryption configuration information is used for recording target network authentication encryption configuration resources;
determining an encryption authentication response message or an encryption authentication response message sequence corresponding to the encryption configuration variable information according to the ciphertext verification item attribute;
determining an encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to the encryption authentication response message or the encryption authentication response message sequence;
and configuring a corresponding encryption access channel for the configured network authentication information based on the encryption configuration instruction corresponding to the target network authentication encryption configuration resource.
2. The intelligent remote network resource intercommunication deployment method as claimed in claim 1, wherein network authentication encryption configuration information is obtained, encryption configuration variable information identification is performed on the network authentication encryption configuration information, and ciphertext verification project analysis is performed on the obtained encryption configuration variable information to obtain a ciphertext verification project attribute of the encryption configuration variable information; the network authentication encryption configuration information is used for recording target network authentication encryption configuration resources, and includes:
acquiring multiple groups of network authentication encryption configuration information, wherein the multiple groups of network authentication encryption configuration information are used for recording target network authentication encryption configuration resources;
identifying encryption configuration variable information of first network authentication encryption configuration information in the multiple groups of network authentication encryption configuration information to obtain multiple pieces of encryption configuration variable information, wherein the first network authentication encryption configuration information is network authentication encryption configuration information except tail network authentication encryption configuration information in the multiple groups of network authentication encryption configuration information;
extracting a ciphertext verification project from each piece of encryption configuration variable information to obtain the ciphertext verification project of each piece of encryption configuration variable information;
acquiring an encryption configuration variable information sequence of a first target cross-domain encryption range according to the first target cross-domain encryption range and a second target cross-domain encryption range, wherein the first target cross-domain encryption range is used for indicating the cross-domain encryption range of the encryption configuration variable information sequence corresponding to the primary ciphertext verification project attribute determination process;
and determining the ciphertext verification item attribute of each piece of encryption configuration variable information based on the ciphertext verification item of each encryption configuration variable information sequence in the encryption configuration variable information sequence of the first target cross-domain encryption range.
3. The intelligent remote network resource interworking deployment method of claim 2, wherein determining an encryption authentication response message or an encryption authentication response message sequence corresponding to the encryption configuration variable information according to the ciphertext verification project attribute comprises:
determining an encryption response behavior of each piece of encryption configuration variable information according to the ciphertext verification item attribute of each piece of encryption configuration variable information;
determining an encryption authentication response message or an encryption authentication response message sequence corresponding to the plurality of pieces of encryption configuration variable information according to a plurality of encryption response behaviors of the plurality of pieces of encryption configuration variable information;
determining an encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to the encryption authentication response message or the encryption authentication response message sequence, including:
and determining an encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to the encryption authentication response message corresponding to the first network authentication encryption configuration information.
4. The intelligent remote network resource interworking deployment method of claim 3, wherein the determining the encryption response behavior of each piece of encryption configuration variable information according to the ciphertext verification item attribute of each piece of encryption configuration variable information comprises:
and for each piece of encryption configuration variable information, screening out a reference encryption response behavior corresponding to the maximum response circulation amount from a plurality of reference encryption response behaviors of each piece of encryption configuration variable information according to the ciphertext verification item attribute of each piece of encryption configuration variable information, wherein the reference encryption response behavior is used as the encryption response behavior of each piece of encryption configuration variable information, and the ciphertext verification item attribute of each piece of encryption configuration variable information comprises a plurality of corresponding reference encryption response behaviors and the authentication attribute of each reference encryption response behavior.
5. The method as claimed in claim 3, wherein the determining the encrypted authentication response message or the sequence of encrypted authentication response messages corresponding to the plurality of encrypted configuration variable information according to the plurality of encrypted response behaviors of the plurality of encrypted configuration variable information comprises:
determining an encryption response strategy and an encryption response state component of the encryption response strategy corresponding to the plurality of pieces of encryption configuration variable information;
according to the encryption response state component of the encryption response strategy, migrating from the key encryption response strategy corresponding to the first encryption configuration variable information to the non-key encryption response strategy corresponding to the last encryption configuration variable information, and migrating out a plurality of pieces of reference response data;
taking the encrypted response state component with the maximum response frequency corresponding to the encrypted response state components in the plurality of pieces of reference response data as a target encrypted response state component;
according to the encryption response behaviors corresponding to the encryption response strategies in the target encryption response state component, the encryption response behaviors are used as a plurality of encryption response behaviors of the first network authentication encryption configuration information;
when the plurality of encryption response behaviors meet a first behavior characteristic, analyzing the authentication attributes of a plurality of reference encryption authentication response messages corresponding to the plurality of encryption response behaviors based on an authentication attribute analysis model, wherein the first behavior characteristic is that the corresponding reliabilities of the plurality of encryption response behaviors meet a condition;
and determining the encrypted authentication response message or the encrypted authentication response message sequence corresponding to the plurality of pieces of encrypted configuration variable information according to the authentication attributes of the plurality of reference encrypted authentication response messages.
6. The method as claimed in claim 5, wherein the determining the encryption response policy and the encryption response status component of the encryption response policy corresponding to the plurality of pieces of encryption configuration variable information comprises:
for each piece of encryption configuration variable information, acquiring a plurality of temporary encryption response strategies of a first encryption response strategy according to the first encryption response strategy corresponding to the previous piece of encryption configuration variable information of each piece of encryption configuration variable information, wherein each temporary encryption response strategy is used for indicating a reference encryption response behavior of each piece of encryption configuration variable information;
obtaining the authentication attribute of each reference encryption response behavior from the ciphertext verification item attribute of each piece of encryption configuration variable information;
determining a second encryption response strategy from the plurality of temporary encryption response strategies according to the authentication attribute of each reference encryption response behavior;
and taking the second encryption response strategy as the encryption response strategy of each piece of encryption configuration variable information, wherein the encryption response state component of the second encryption response strategy is the authentication attribute of the corresponding reference encryption response behavior.
7. The intelligent remote network resource interworking deployment method of claim 3, wherein before determining the encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to the encryption authentication response message corresponding to the first network authentication encryption configuration information, the method further comprises:
determining integral template matching rule information of second network authentication encryption configuration information in the multiple groups of network authentication encryption configuration information based on an encryption configuration template of network authentication encryption configuration resources recorded by each group of network authentication encryption configuration information, wherein the integral template matching rule information is used for indicating the second network authentication encryption configuration information to record the configuration integrity of the integral network authentication encryption configuration resources, the integral network authentication encryption configuration resources are network authentication encryption configuration resources except special network authentication encryption configuration resources, and the second network authentication encryption configuration information is tail network authentication encryption configuration information in the multiple groups of network authentication encryption configuration information;
the determining, according to the encryption authentication response message corresponding to the first network authentication encryption configuration information, the encryption configuration instruction corresponding to the target network authentication encryption configuration resource includes: when the whole template matching rule information of the second network authentication encryption configuration information meets a second behavior characteristic, determining an encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to an encryption authentication response message corresponding to the first network authentication encryption configuration information; wherein the second behavior feature comprises: the whole template matching rule information indicates that the second network authentication encryption configuration information does not record whole network authentication encryption configuration resources, and the rule correlation degree corresponding to the whole template matching rule information is less than at least one of first preset rule correlation degrees;
the determining, based on the encryption configuration template of the network authentication encryption configuration resource recorded in each set of network authentication encryption configuration information, the overall template matching rule information of the second network authentication encryption configuration information in the plurality of sets of network authentication encryption configuration information includes:
determining a first encryption configuration template of the network authentication encryption configuration resource recorded by the second network authentication encryption configuration information and a second encryption configuration template of the network authentication encryption configuration resource recorded by the first network authentication encryption configuration information based on the virtual encryption lock of each piece of encryption configuration variable information included by the second network authentication encryption configuration information and the first network authentication encryption configuration information;
determining integral template matching rule information of the second network authentication encryption configuration information based on template related information between the first encryption configuration template and the second encryption configuration template;
the determining, based on the virtual encryption lock of each piece of encryption configuration variable information included in the second network authentication encryption configuration information and the first network authentication encryption configuration information, a first encryption configuration template of the network authentication encryption configuration resource recorded in the second network authentication encryption configuration information and a second encryption configuration template of the network authentication encryption configuration resource recorded in the first network authentication encryption configuration information includes:
for the second network authentication encryption configuration information, acquiring a first encryption configuration template of the network authentication encryption configuration resource recorded by the second network authentication encryption configuration information according to the virtual encryption lock of each piece of encryption configuration variable information in the second network authentication encryption configuration information;
for each piece of first network authentication encryption configuration information, according to an associated encryption lock between the first network authentication encryption configuration information and the second network authentication encryption configuration information and a virtual encryption lock of each piece of encryption configuration variable information in the first network authentication encryption configuration information, obtaining a second encryption configuration template of network authentication encryption configuration resources recorded by the first network authentication encryption configuration information, wherein the associated encryption lock is used for indicating the virtual encryption lock of a business service item in the first network authentication encryption configuration information to the associated information of the virtual encryption lock of the encryption configuration variable information in the second network authentication encryption configuration information;
the determining, based on the template-related information between the first encryption configuration template and the second encryption configuration template, the overall template matching rule information of the second network authentication encryption configuration information includes:
determining a plurality of key encryption configuration templates corresponding to the first network authentication encryption configuration information according to a second encryption configuration template of the network authentication encryption configuration resource recorded by each first network authentication encryption configuration information;
according to the key encryption configuration template and the first encryption configuration template, determining relevant matching rule information of the first encryption configuration template relative to template relevant information of the first encryption configuration template and the key encryption configuration template, and determining the relevant matching rule information as the whole template matching rule information;
the determining, according to the encryption authentication response message corresponding to the first network authentication encryption configuration information, the encryption configuration instruction corresponding to the target network authentication encryption configuration resource includes:
when the overall template matching rule information of the second network authentication encryption configuration information meets the third behavior characteristic, acquiring a plurality of encryption response behaviors corresponding to the network authentication encryption configuration resources recorded by the second network authentication encryption configuration information according to the overall template matching rule information of the second network authentication encryption configuration information;
determining an encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to the encryption authentication response messages corresponding to the multiple encryption response behaviors and the encryption authentication response message corresponding to the first network authentication encryption configuration information; wherein the third behavior is characterized by: the overall template matching rule information indicates that the second network authentication encryption configuration information records overall network authentication encryption configuration resources, and the rule correlation degree corresponding to the overall template matching rule information is not less than at least one of first preset rule correlation degrees.
8. A cloud platform, characterized in that the cloud platform comprises a processor, a machine-readable storage medium, and a network interface, the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is used for being connected with at least one network service terminal in a communication manner, the machine-readable storage medium is used for storing a program, and the processor is used for executing the program in the machine-readable storage medium to execute the intelligent remote network resource intercommunication deployment method according to any one of claims 1 to 7.
9. An intelligent remote network resource intercommunication deployment system, characterized by comprising a cloud platform and a network service terminal in communication connection with the cloud platform; the cloud platform is configured to:
acquiring network service terminal information bound by each service user, wherein the network service terminal information comprises service topology information of a main network service terminal and a sub-network service terminal;
the cloud platform acquires network authentication information configured by the main network service terminal, and issues the network authentication information to the sub-network service terminal according to the service topology information, so that the sub-network service terminal and the main network service terminal establish a network security channel;
when an authentication user login request sent by a target computer terminal through a target sub-network service terminal is obtained, an authentication certificate corresponding to the authentication user login request is obtained, and a network security channel between the target computer terminal and the main network service terminal is established according to the authentication certificate, so that the target computer terminal is connected with network resources of the main network service terminal through the network security channel;
when the IP address of the main network service terminal is updated, acquiring network authentication update information sent by the main network service terminal, and distributing the network authentication update information to the sub-network service terminals;
the cloud platform is further configured to:
carrying out encryption configuration on the configured network authentication information;
wherein, the encrypting the configured network authentication information includes:
acquiring corresponding network authentication encryption configuration information according to the network authentication information, performing encryption configuration variable information identification on the network authentication encryption configuration information, and performing ciphertext verification project analysis on the acquired encryption configuration variable information to obtain a ciphertext verification project attribute of the encryption configuration variable information; the network authentication encryption configuration information is used for recording target network authentication encryption configuration resources;
determining an encryption authentication response message or an encryption authentication response message sequence corresponding to the encryption configuration variable information according to the ciphertext verification project attribute;
determining an encryption configuration instruction corresponding to the target network authentication encryption configuration resource according to the encryption authentication response message or the encryption authentication response message sequence;
and configuring a corresponding encryption access channel for the configured network authentication information based on the encryption configuration instruction corresponding to the target network authentication encryption configuration resource.
CN202210820179.XA 2022-07-13 2022-07-13 Intelligent remote network resource intercommunication deployment method, system and cloud platform Active CN114900374B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210820179.XA CN114900374B (en) 2022-07-13 2022-07-13 Intelligent remote network resource intercommunication deployment method, system and cloud platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210820179.XA CN114900374B (en) 2022-07-13 2022-07-13 Intelligent remote network resource intercommunication deployment method, system and cloud platform

Publications (2)

Publication Number Publication Date
CN114900374A CN114900374A (en) 2022-08-12
CN114900374B CN114900374B (en) 2022-10-14

Family

ID=82729846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210820179.XA Active CN114900374B (en) 2022-07-13 2022-07-13 Intelligent remote network resource intercommunication deployment method, system and cloud platform

Country Status (1)

Country Link
CN (1) CN114900374B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116367157B (en) * 2023-06-01 2023-08-01 深圳市北测检测技术有限公司 Security authentication method and device based on 5G communication network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890767A (en) * 2021-11-12 2022-01-04 中国联合网络通信集团有限公司 Network access method, device, equipment and storage medium
CN114143082A (en) * 2021-11-30 2022-03-04 北京天融信网络安全技术有限公司 Encryption communication method, system and device
CN114513447A (en) * 2020-10-27 2022-05-17 中国移动通信有限公司研究院 SD-WAN service issuing system, method, device and network equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10616180B2 (en) * 2014-06-20 2020-04-07 Zscaler, Inc. Clientless connection setup for cloud-based virtual private access systems and methods
US9350710B2 (en) * 2014-06-20 2016-05-24 Zscaler, Inc. Intelligent, cloud-based global virtual private network systems and methods
CN105493453B (en) * 2014-12-30 2019-02-01 华为技术有限公司 It is a kind of to realize the method, apparatus and system remotely accessed
US10979395B2 (en) * 2019-04-16 2021-04-13 Fortinet, Inc. Automatic virtual private network (VPN) establishment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114513447A (en) * 2020-10-27 2022-05-17 中国移动通信有限公司研究院 SD-WAN service issuing system, method, device and network equipment
CN113890767A (en) * 2021-11-12 2022-01-04 中国联合网络通信集团有限公司 Network access method, device, equipment and storage medium
CN114143082A (en) * 2021-11-30 2022-03-04 北京天融信网络安全技术有限公司 Encryption communication method, system and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
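Research on the integration of VPN and domain control systems based on a private cloud platform; 陈源 et al.; 《江苏科技信息》; 20200710 (No. 19); pp. 38-39 *
Design and implementation of a secure channel service scheduling subsystem; 范树全; 《中国优秀硕士学位论文全文数据库信息科技辑》; 20181015 (No. 10); pp. 30-37 *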

Also Published As

Publication number Publication date
CN114900374A (en) 2022-08-12

Similar Documents

Publication Publication Date Title
CN108777625B (en) Signature verification method, device and system, storage medium and electronic device
CN108769163B (en) Alliance chain consensus achieving method, equipment and computer readable storage medium
WO2021139788A1 (en) Cloud gateway configuration method, system, apparatus, and computer readable storage medium
US20160352862A1 (en) Identity and policy enforced inter-cloud and intra-cloud channel
CN110741400A (en) Block chain network interaction controller
CN112261155B (en) Internet of things access control method with dynamic consensus based on block chains of alliances
CN108509615B (en) Consensus establishing method and device based on drawing mechanism and readable storage medium
CN110597489B (en) Random number generation method, equipment and medium
CN110516417B (en) Authority verification method and device of intelligent contract
CN111506584A (en) Service data processing method and device based on block chain and computer equipment
CN109614781A (en) A kind of account management method, system and terminal device
CN114900374B (en) Intelligent remote network resource intercommunication deployment method, system and cloud platform
US11875188B2 (en) Data processing system using directed acyclic graph and method of use thereof
CN112308561A (en) Block chain-based evidence storing method and system, computer equipment and storage medium
CN111010381A (en) Cross-chain-based identity authentication method and system
CN105991596A (en) Access control method and system
CN111368311A (en) Block chain-based point management method and related device
WO2022267715A1 (en) Oracle machine node screening method and apparatus, and storage medium and electronic apparatus
CN110990790B (en) Data processing method and equipment
CN112699136B (en) Cross-link certificate storage method and related device
Lin et al. A proof-of-majority consensus protocol for blockchain-enabled collaboration infrastructure of 5G network slice brokers
Wu et al. Design and implementation of cloud API access control based on OAuth
CN112910953B (en) Business data pushing method and device and server
Goncalves et al. Distributed network slicing management using blockchains in E-health environments
CN107040509A (en) A kind of file transmitting method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant