CN115333781A - Access control security system, method and firewall based on environment data certificate - Google Patents
- Publication number
- CN115333781A (application number CN202210843206.5A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention relates to an access control security system based on an environment data certificate. The system comprises a first access control security component, a second access control security component and a third access control security component. The first access control security component generates a request message from collected environment multi-factor information and an intercepted access request, and sends the request message to the second access control security component. The second access control security component obtains the environment multi-factor information and the application service to be accessed, and determines whether the terminal equipment is allowed to access the application service according to an access control result returned by the third access control security component. The third access control security component verifies the environment factor information to obtain the access control result. The invention realizes environment data authentication based on the hardware environment, the software environment and the network environment of the terminal equipment, prevents the terminal equipment from accessing the application service once a change occurs on the terminal equipment that may harm the accessed application service, and constructs a safer and more reliable network access environment. The invention also relates to an access control security method and a firewall based on the environment data certificate.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an access control security system, an access control method and a firewall based on an environment data certificate.
Background
Services carried out over the Internet generally require the parties involved (people, terminal devices, servers, etc.) to hold digital certificates in order to ensure the information security of users. However, the hardware environment, the software environment and the network environment of a terminal device may change at any time. Once a change occurs on the terminal device that may harm the accessed application service, how to construct a more secure and reliable network access environment for the differing security requirements of the many business categories, such as e-commerce and online finance, is a technical problem that urgently needs to be solved.
Disclosure of Invention
The invention aims to solve the technical problem of providing an access control security system, a method and a firewall based on an environment data certificate aiming at the defects of the prior art.
The technical scheme for solving the technical problems is as follows:
An access control security system based on environment data certificates, the access control security system comprising a first access control security component, a second access control security component and a third access control security component, wherein:
the first access control security component is configured to collect environment multi-factor information of the terminal equipment, intercept an access request sent by the terminal equipment to an application service to be accessed, generate a request message according to the environment multi-factor information and the access request, and send the request message to the second access control security component;
the second access control security component is configured to obtain the environment multi-factor information and the application service to be accessed from the request message, send the environment multi-factor information to the third access control security component if the application service to be accessed belongs to a preset protection service class, and determine whether the terminal equipment is allowed to access the application service to be accessed according to an access control result returned by the third access control security component;
and the third access control security component is configured to verify the environmental factor information according to a preset identity verification policy of the application service to be accessed, to obtain the access control result.
The beneficial effects of the invention are as follows: an access control security system based on environment data certificates is proposed, comprising the first, second and third access control security components configured as described above. The invention realizes environment data authentication based on the hardware environment, the software environment and the network environment of the terminal equipment, prevents the terminal equipment from accessing the application service once a change occurs on the terminal equipment that may harm the accessed application service, and constructs a safer and more reliable network access environment.
On the basis of the technical scheme, the invention can be further improved as follows.
Further, the first access control security component is specifically configured to collect environmental multi-factor information of the terminal device through a client proxy service, a browser plug-in or a browser control that is provided in the terminal device, where the environmental multi-factor information includes a terminal number, a hardware environment parameter class, a system environment parameter class, a user usage habit class, a terminal network address class, a user identity class, and a user secondary verification parameter class.
Further, the second access control security component is specifically configured to: parse the access request to obtain the environment multi-factor information of the terminal equipment and information of the application service to be accessed;
perform single-packet authorization authentication on the access request and, if the access request passes the single-packet authorization authentication, judge whether the application service to be accessed belongs to the preset protection service class;
and, if so, send the environment multi-factor information of the terminal equipment and the information of the application service to be accessed to the third access control security component.
Further, the third access control security component is specifically configured to: determine, according to the information of the application service to be accessed, the identity verification policy corresponding to the application service to be accessed;
verify the environment factor information against each sub-verification policy in the identity verification policy, to obtain a verification result for each sub-verification policy;
and obtain the access control result according to a preset verification policy rule and the verification result of each sub-verification policy.
Further, the second access control security component is specifically configured to: parse the access request to obtain the environment multi-factor information of the terminal equipment and information of the application service to be accessed;
judge whether the access request uses a standard protocol;
if so, judge whether the application service to be accessed belongs to the preset protection service class;
if so, send the environment multi-factor information of the terminal equipment and the information of the application service to be accessed to the third access control security component for verification;
when the access control result returned by the third access control security component is that access is permitted, establish a single-packet authorization channel between the terminal equipment and the application service to be accessed;
and, if the application service to be accessed does not belong to the preset protection service class, allow the terminal equipment to access the application service to be accessed.
Another technical solution of the present invention for solving the above technical problems is as follows:
the first access control security component acquires environment multi-factor information of the terminal equipment, intercepts an access request sent by the terminal equipment to an application service to be accessed, generates a request message according to the environment multi-factor information and the access request, and sends the request message to a second access control security component;
the second access control security component obtains the environment multi-factor information and the application service to be accessed from the request message, sends the environment multi-factor information to a third access control security component if the application service to be accessed belongs to a preset protection service class, and determines whether the terminal equipment is allowed to access the application service to be accessed according to an access control result returned by the third access control security component;
and the third access control security component verifies the environmental factor information according to a preset identity verification policy of the application service to be accessed, to obtain the access control result.
Further, the method further comprises:
the first access control security component collects environment multi-factor information of the terminal equipment through a client proxy service, a browser plug-in or a browser control which are arranged on the terminal equipment, wherein the environment multi-factor information comprises a terminal number, a hardware environment parameter class, a system environment parameter class, a user use habit class, a terminal network address class, a user identity class and a user secondary verification parameter class.
The present application provides a firewall, comprising a memory, a processor and a computer program stored in the memory and operable on the processor, wherein the processor implements the steps of the access control security method based on the environment data certificate according to any one of the above technical solutions when executing the computer program.
In addition, the present application further provides an application gateway device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the access control security method based on the environment data certificate according to any one of the above technical solutions when executing the computer program.
Advantages of additional aspects of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a block diagram of an access control security system based on environment data certificates according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of an access control security method based on environment data certificates according to another embodiment of the present invention;
FIG. 3 is a flowchart of the second access control security component in an access control security system based on environment data certificates according to another embodiment of the present invention;
FIG. 4 is a flowchart of the second access control security component in an access control security system based on environment data certificates according to another embodiment of the present invention;
FIG. 5 is a schematic block diagram of an application gateway device according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, shall fall within the protection scope of the present invention.
As shown in fig. 1, an access control security system based on environmental data certificates according to an embodiment of the present invention includes a first access control security component, a second access control security component, and a third access control security component.
The first access control security component is configured to collect environment multi-factor information of the terminal equipment, intercept an access request sent by the terminal equipment to an application service to be accessed, generate a request message according to the environment multi-factor information and the access request, and send the request message to the second access control security component.
The second access control security component is configured to obtain the environment multi-factor information and the application service to be accessed from the request message, send the environment multi-factor information to the third access control security component if the application service to be accessed belongs to a preset protection service class, and determine whether the terminal equipment is allowed to access the application service to be accessed according to an access control result returned by the third access control security component.
The third access control security component is configured to verify the environmental factor information according to a preset identity verification policy of the application service to be accessed, to obtain the access control result.
Based on the foregoing embodiment, further, the first access control security component is specifically configured to collect environment multi-factor information of the terminal device through a client proxy service, a browser plug-in, or a browser control that is provided in the terminal device, where the environment multi-factor information includes a terminal number, a hardware environment parameter class, a system environment parameter class, a user usage habit class, a terminal network address class, a user identity class, and a user secondary authentication parameter class.
Specifically, the environment multi-factor information in the present application may specifically include the following:
TABLE 1 Environment multifactor information List
Based on the foregoing embodiment, further, the second access control security component is specifically configured to: parse the access request to obtain the environment multi-factor information of the terminal equipment and information of the application service to be accessed;
perform single-packet authorization authentication on the access request and, if the access request passes the single-packet authorization authentication, judge whether the application service to be accessed belongs to the preset protection service class;
and, if so, send the environment multi-factor information of the terminal equipment and the information of the application service to be accessed to the third access control security component.
Based on the above embodiment, the third access control security component is specifically configured to: determine, according to the application service to be accessed, the identity verification policy corresponding to the application service to be accessed;
verify the environmental factor information against each sub-verification policy in the identity verification policy, to obtain a verification result for each sub-verification policy;
and obtain the access control result according to a preset verification policy rule and the verification result of each sub-verification policy.
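The gateway check and per-service verification described above, sketched as an added example (this is not code from the patent). It assumes single-packet authorization is an HMAC-SHA256 over the request with a timestamp and nonce, and that the combination rule is "all required sub-checks plus a minimum pass count"; every key, service name and factor field is constructed.

```python
import hashlib
import hmac
import json

# Everything below is constructed for illustration: keys, service names,
# factor fields and thresholds are hypothetical and do not come from the patent.
SPA_KEYS = {"T-0001": b"constructed-demo-key"}  # per-terminal shared secret
PROTECTED_SERVICES = {"finance-api"}             # preset protection service class
SPA_MAX_SKEW = 30                                # seconds an SPA packet stays valid

# Per-service policy: named sub-checks plus a rule for combining their results.
POLICIES = {
    "finance-api": {
        "sub_policies": {
            "hardware": lambda f: f["hardware"]["disk_serial"] == "DS-123",
            "system": lambda f: f["system"]["os_patch_level"] >= 20220701,
            "network": lambda f: f["network_address"].startswith("10.20."),
            "secondary": lambda f: f["secondary_verification"] is True,
        },
        "required": {"hardware", "system"},  # these must all pass
        "min_passed": 3,                     # and at least this many overall
    }
}


def _mac(key, terminal, service, factors, ts, nonce):
    # Canonical JSON so that both sides authenticate identical bytes.
    body = json.dumps([terminal, service, factors, ts, nonce],
                      sort_keys=True, separators=(",", ":"))
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def build_request_message(terminal, service, factors, ts, nonce):
    """First component: bind the collected factors to the intercepted request."""
    return {"terminal": terminal, "service": service, "factors": factors,
            "ts": ts, "nonce": nonce,
            "mac": _mac(SPA_KEYS[terminal], terminal, service, factors, ts, nonce)}


def verify_spa(msg, now, seen_nonces):
    """Second component: authenticate the packet, then reject stale or replayed ones."""
    terminal = msg.get("terminal")
    key = SPA_KEYS.get(terminal) if isinstance(terminal, str) else None
    if key is None:
        return False
    ts, nonce = msg.get("ts"), msg.get("nonce")
    expected = _mac(key, terminal, msg.get("service"), msg.get("factors"), ts, nonce)
    # Compare as bytes: constant time, and safe for non-ASCII attacker input.
    if not hmac.compare_digest(expected.encode(), str(msg.get("mac", "")).encode()):
        return False
    if not isinstance(ts, (int, float)) or not isinstance(nonce, str):
        return False
    if abs(now - ts) > SPA_MAX_SKEW or nonce in seen_nonces:
        return False
    seen_nonces.add(nonce)
    return True


def evaluate_policy(service, factors):
    """Third component: run each sub-check, then apply the combination rule."""
    policy = POLICIES.get(service)
    if policy is None:
        return False, {}  # protected service without a policy: fail closed
    results = {}
    for name, check in policy["sub_policies"].items():
        try:
            results[name] = bool(check(factors))
        except (KeyError, TypeError, AttributeError):
            results[name] = False  # missing or malformed factor counts as a failure
    passed = {name for name, ok in results.items() if ok}
    allowed = policy["required"] <= passed and len(passed) >= policy["min_passed"]
    return allowed, results


def gateway_decide(msg, now, seen_nonces):
    """Second component: SPA first, then the protected-class test, then the verdict."""
    if not verify_spa(msg, now, seen_nonces):
        return "deny:spa"
    if msg["service"] not in PROTECTED_SERVICES:
        return "allow:unprotected"
    allowed, _ = evaluate_policy(msg["service"], msg["factors"])
    return "allow" if allowed else "deny:policy"


if __name__ == "__main__":
    factors = {"hardware": {"disk_serial": "DS-123"},
               "system": {"os_patch_level": 20220715},
               "network_address": "10.20.3.4", "secondary_verification": False}
    seen = set()
    msg = build_request_message("T-0001", "finance-api", factors, 1000, "n1")
    print(gateway_decide(msg, 1005, seen))  # first delivery
    print(gateway_decide(msg, 1006, seen))  # same packet replayed
```

Because the factors sit inside the authenticated body, a terminal whose environment has changed cannot reuse an earlier approved message; it has to submit its current factors and be judged on them.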
Based on the foregoing embodiment, further, the second access control security component is specifically configured to: parse the access request to obtain the environment multi-factor information of the terminal equipment and information of the application service to be accessed;
judge whether the access request uses a standard protocol;
if so, judge whether the application service to be accessed belongs to the preset protection service class;
if so, send the environment multi-factor information of the terminal equipment and the information of the application service to be accessed to the third access control security component for verification;
when the access control result returned by the third access control security component is that access is permitted, establish a single-packet authorization channel between the terminal equipment and the application service to be accessed;
and, if the application service to be accessed does not belong to the preset protection service class, allow the terminal equipment to access the application service to be accessed.
Specifically, as shown in FIGS. 3 and 4, the second access control security component performs target address resolution on an access request initiated by the terminal device P1 to the target application service P2, so as to obtain the address of the target application service P2.
It is then judged whether the access request uses a standard protocol; if so, it is judged whether the target application service P2 being accessed is an application service to be protected.
If so, the environment multi-factor information of the terminal device P1 and the information of the target application service P2 are sent to a security control center, which performs identity verification and authentication of the terminal device P1; if the authentication succeeds, a single-packet authorization channel is allowed to be established between the terminal device P1 and the target application service P2.
If the terminal device P1 accesses the target application service P1 and the target application service P1 is not an application service that needs to be protected, the terminal device P1 is allowed to access the target application service P1.
If the access request does not use the standard protocol, a single-packet authorization channel is established between the terminal device P1 and the target application service P2.
As shown in fig. 2, an access control security method based on environment data certificate includes the following steps:
the first access control security component collects environment multi-factor information of the terminal equipment, intercepts an access request sent by the terminal equipment to an application service to be accessed, generates a request message according to the environment multi-factor information and the access request, and sends the request message to the second access control security component.
The second access control security component obtains the environment multi-factor information and the application service to be accessed from the request message, sends the environment multi-factor information to the third access control security component if the application service to be accessed belongs to a preset protection service class, and determines whether the terminal equipment is allowed to access the application service to be accessed according to an access control result returned by the third access control security component.
The third access control security component verifies the environmental factor information according to a preset identity verification policy of the application service to be accessed, to obtain the access control result.
Further, the method further comprises:
the first access control security component collects environment multi-factor information of the terminal equipment through a client proxy service, a browser plug-in or a browser control which are arranged on the terminal equipment, wherein the environment multi-factor information comprises a terminal number, a hardware environment parameter class, a system environment parameter class, a user use habit class, a terminal network address class, a user identity class and a user secondary verification parameter class.
Further, the method further comprises:
the second access control security component parses the access request to obtain the environment multi-factor information of the terminal equipment and information of the application service to be accessed;
performs single-packet authorization authentication on the access request and, if the access request passes the single-packet authorization authentication, judges whether the application service to be accessed belongs to the preset protection service class;
and, if so, sends the environment multi-factor information of the terminal equipment and the information of the application service to be accessed to the third access control security component.
The present application provides a firewall, comprising a memory, a processor and a computer program stored in the memory and operable on the processor, wherein the processor implements the steps of the access control security method based on the environment data certificate according to any one of the above technical solutions when executing the computer program.
Furthermore, as shown in fig. 5, the present application further provides an application gateway device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the processor implements the steps of the access control security method based on the environment data certificate according to any one of the above technical solutions.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, the division of the modules or units is only one type of logical function division, and other division manners may be available in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium.
Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium; when the computer program is executed by a processor, the steps of the method embodiments described above may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, etc. It should be noted that the content of the computer-readable medium may be suitably increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, computer-readable media may not include electrical carrier signals or telecommunications signals in accordance with legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. An access control security system based on environmental data credentials, the access control security system comprising a first access control security component, a second access control security component, and a third access control security component:
the first access control security component is used for acquiring environment multi-factor information of the terminal equipment, intercepting an access request sent by the terminal equipment to an application service to be accessed, generating a request message according to the environment multi-factor information and the access request, and sending the request message to the second access control security component;
the second access control security component is configured to obtain the environment multi-factor information and the application service to be accessed from the request message, send the environment multi-factor information to the third access control security component if the application service to be accessed belongs to a preset protection service class, and determine whether the terminal device is allowed to access the application service to be accessed according to an access control result returned by the third access control security component;
and the third access control security component is used for verifying the environment multi-factor information according to a preset identity verification strategy of the application service to be accessed to obtain the access control result.
2. The access control security system based on environmental data credentials according to claim 1, wherein
the first access control security component is specifically used for acquiring environment multi-factor information of the terminal equipment through a client proxy service, a browser plug-in or a browser control which are arranged on the terminal equipment, wherein the environment multi-factor information comprises a terminal number, a hardware environment parameter class, a system environment parameter class, a user use habit class, a terminal network address class, a user identity class and a user secondary verification parameter class.
3. The access control security system based on environmental data credentials according to claim 1, wherein
the second access control security component is specifically configured to parse the access request to obtain the environment multi-factor information of the terminal device and information of the application service to be accessed;
perform single-packet authorization authentication on the access request and, if the access request passes the single-packet authorization authentication, determine whether the application service to be accessed belongs to the preset protection service class;
and if so, send the environment multi-factor information of the terminal equipment and the information of the application service to be accessed to the third access control security component.
4. The access control security system based on environmental data credentials according to claim 3, wherein
the third access control security component is specifically configured to determine, according to the information of the application service to be accessed, the identity verification strategy corresponding to the application service to be accessed;
verify the environment multi-factor information against each sub-verification strategy in the identity verification strategy to obtain a verification result for each sub-verification strategy;
and obtain the access control result according to a preset verification strategy rule and the verification result of each sub-verification strategy.
5. The access control security system based on environmental data credentials according to claim 1, wherein
the second access control security component is specifically configured to parse the access request to obtain the environment multi-factor information of the terminal device and information of the application service to be accessed;
determine whether the access request is a standard protocol;
if yes, determine whether the application service to be accessed belongs to the preset protection service class;
if so, send the environment multi-factor information of the terminal equipment and the information of the application service to be accessed to the third access control security component for verification;
when the access control result returned by the third access control security component is that access is allowed, establish a single-packet authorization channel between the terminal equipment and the application service to be accessed;
and if the application service to be accessed does not belong to the preset protection service class, allow the terminal equipment to access the application service to be accessed.
6. An access control security method based on environment data certificate, applied to the access control security system based on environment data certificate of any one of claims 1-5, the method comprising:
the first access control security component acquires environment multi-factor information of the terminal equipment, intercepts an access request sent by the terminal equipment to an application service to be accessed, generates a request message according to the environment multi-factor information and the access request, and sends the request message to the second access control security component;
the second access control security component acquires the environment multi-factor information and the application service to be accessed from the request message, sends the environment multi-factor information to the third access control security component if the application service to be accessed belongs to a preset protection service class, and determines whether the terminal equipment is allowed to access the application service to be accessed according to an access control result returned by the third access control security component;
and the third access control security component verifies the environment multi-factor information according to a preset identity verification strategy of the application service to be accessed to obtain the access control result.
7. The environmental data certificate-based access control security method of claim 6, further comprising:
the first access control security component collects environment multi-factor information of the terminal equipment through a client proxy service, a browser plug-in or a browser control which are arranged on the terminal equipment, wherein the environment multi-factor information comprises a terminal number, a hardware environment parameter class, a system environment parameter class, a user use habit class, a terminal network address class, a user identity class and a user secondary verification parameter class.
8. The method of claim 6, wherein the method further comprises:
the second access control security component parses the access request to obtain the environment multi-factor information of the terminal equipment and information of the application service to be accessed;
performs single-packet authorization authentication on the access request and, if the access request passes the single-packet authorization authentication, determines whether the application service to be accessed belongs to the preset protection service class;
and if so, sends the environment multi-factor information of the terminal equipment and the information of the application service to be accessed to the third access control security component.
9. A firewall comprising a memory, a processor and a computer program stored in said memory and executable on said processor, wherein said processor when executing said computer program carries out the steps of the access control security method based on environmental data credentials according to any one of claims 6 to 8.
10. An application gateway device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method for access control security based on environmental data credentials according to any of claims 6 to 8 when executing the computer program.
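The decision flow of claims 1, 4 and 5 can be sketched as follows. This is an added illustration, not code from the patent: the service name, factor fields, sub-strategy names and the combining rule (mandatory checks plus a minimum pass count) are all assumptions, and the single-packet authorization step is left out.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet

Env = Dict[str, object]  # environment multi-factor information (constructed fields)

@dataclass(frozen=True)
class AuthPolicy:
    sub_checks: Dict[str, Callable[[Env], bool]]  # sub-verification strategies
    mandatory: FrozenSet[str]                     # rule: these must all pass
    min_passed: int                               # rule: and at least this many overall

def verify(policy: AuthPolicy, env: Env) -> dict:
    """Third component: run every sub-strategy, then apply the combining rule."""
    results = {}
    for name, check in policy.sub_checks.items():
        try:
            results[name] = bool(check(env))
        except Exception:   # a missing or malformed factor counts as a failure
            results[name] = False
    mandatory_ok = all(results.get(n, False) for n in policy.mandatory)
    allowed = mandatory_ok and sum(results.values()) >= policy.min_passed
    return {"allow": allowed, "results": results}

# Constructed table: protected service -> identity verification strategy.
POLICIES = {
    "hr-portal": AuthPolicy(
        sub_checks={
            "terminal_number": lambda e: e["terminal_number"] in {"T-0001", "T-0002"},
            "os_patched": lambda e: e["os_patch_level"] >= 202206,
            "network": lambda e: str(e["ip"]).startswith("10.20."),
            "second_factor": lambda e: e["otp_verified"] is True,
        },
        mandatory=frozenset({"terminal_number", "second_factor"}),
        min_passed=3,
    ),
}

def gate(service: str, env: Env) -> bool:
    """Second component: only protected services are sent for verification."""
    policy = POLICIES.get(service)
    if policy is None:      # not in the preset protection service class
        return True         # claim 5: such services are allowed without verification
    return verify(policy, env)["allow"]
```

Because services outside the protected class pass straight through, the protected-service table is itself security-critical: a service missing from it receives no environment verification at all.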
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210843206.5A CN115333781A (en) | 2022-07-18 | 2022-07-18 | Access control security system, method and firewall based on environment data certificate |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115333781A (en) | 2022-11-11 |
Family
ID=83918117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210843206.5A Pending CN115333781A (en) | 2022-07-18 | 2022-07-18 | Access control security system, method and firewall based on environment data certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115333781A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11082430B1 (en) * | 2018-05-31 | 2021-08-03 | Amazon Technologies, Inc. | Device authorizations using certificates and service access policy templates |
CN113312674A (en) * | 2021-06-18 | 2021-08-27 | 北京泰立鑫科技有限公司 | Access security method and system based on multi-factor environment perception digital certificate |
WO2022062918A1 (en) * | 2020-09-25 | 2022-03-31 | 统信软件技术有限公司 | Control method for strategy implementation, strategy implementation system, and computing device |
CN114553568A (en) * | 2022-02-25 | 2022-05-27 | 重庆邮电大学 | Resource access control method based on zero-trust single packet authentication and authorization |
Non-Patent Citations (1)
Title |
---|
陈建华;伍照华;: "基于PMI访问控制系统的设计", 电脑知识与技术(学术交流), no. 02, 27 January 2006 (2006-01-27) * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||