CN115378622A - Access control method, device, equipment and computer program product - Google Patents

Publication number
CN115378622A
Authority
CN
China
Prior art keywords
user terminal
authentication
service platform
authentication result
access
Legal status
Pending
Application number
CN202110810554.8A
Other languages
Chinese (zh)
Inventor
李慧镝
张滨
袁捷
张峰
李祥军
贵重
于乐
杜雪涛
董航
赵蓓
于少中
Current Assignee
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Application filed by China Mobile Communications Group Co Ltd
Priority to CN202110810554.8A
Publication of CN115378622A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention discloses an access control method, device, equipment and computer program product. The method is applied to a communication unified authentication platform that is in communication connection with a user terminal and a service platform, and comprises the following steps: receiving access request information of the user terminal; performing identity validity authentication on the access request information to obtain an authentication result; and sending the authentication result to the service platform so that the service platform can determine, based on the authentication result, whether to open the access right of the user terminal. Because the communication unified authentication platform performs identity authentication in advance and then sends the authentication result to the service platform, the service platform is allowed to open the access authority for the user terminal when the authentication result is a legal user. Network attack behavior is thereby prevented from occurring on the service platform, that is, the attack is unreachable at the network level, which improves the security of the service system.

Description

Access control method, device, equipment and computer program product
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an access control method, apparatus, device, and computer program product.
Background
With the rapid development of communication technology, access across the Internet keeps increasing, and network security problems are increasing as well. The network security industry currently has many security defense systems, such as the Open Systems Interconnection (OSI) security system, the Policy Protection Detection Response (P2DR) protection system, and the Information Assurance Technical Framework (IATF) system.
However, in the traditional service system protection architecture, the service system is reachable from the Internet, and an illegal user can also establish a network connection with it. Attack behavior from the Internet toward the service system is therefore always reachable on the network, so an attacker can launch attacks on the service system. Moreover, detection and interception start only once the attack behavior is already occurring on the service system side; detection suffers from missed reports and false reports, so interception suffers from false interception and missed interception.
In summary, how to improve the security of the service system is a problem that needs to be solved urgently at present.
Disclosure of Invention
The main object of the invention is to provide an access control method, device, equipment and computer program product that improve the security of a service system.
In order to achieve the above object, the present invention provides an access control method applied to a communication unified authentication platform, where the communication unified authentication platform is in communication connection with a user terminal and a service platform, and the access control method includes the following steps:
receiving access request information of the user terminal;
performing identity validity authentication on the access request information to obtain an authentication result;
and sending the authentication result to a service platform so that the service platform can determine whether to open the access authority of the user terminal based on the authentication result.
Optionally, the communication unified authentication platform and the user terminal are in communication connection through an operator network, where the operator network includes a gateway device, and the step of receiving the access request information of the user terminal includes:
adding, by the gateway device, user information of the user terminal to the access request information sent by the user terminal;
and receiving the access request information to which the user information has been added.
Optionally, after the step of performing identity validity authentication on the access request information to obtain an authentication result, the method further includes:
and determining whether to redirect the access request of the user terminal to the service platform or not based on the authentication result.
In order to achieve the above object, the present invention further provides an access control method, applied to a service platform, where the service platform is in communication connection with a unified communication authentication platform, and the access control method includes the following steps:
receiving an authentication result sent by the communication unified authentication platform;
and determining whether to open the access authority of the corresponding user terminal based on the authentication result, wherein the authentication result corresponds to the user terminal one to one.
Optionally, the step of determining whether to open the access right of the corresponding user terminal based on the authentication result includes:
if the authentication result is a legal user, a firewall of the service platform opens the access authority of the user terminal;
and if the authentication result is an illegal user, the firewall of the service platform does not open the access authority of the user terminal.
Optionally, after the step of determining whether to open the access right of the corresponding user terminal based on the authentication result, the method further includes:
and when the access request of the user terminal is detected, if the user terminal has the access authority, establishing network connection with the user terminal so as to allow the user terminal to perform service interaction with the service platform.
In addition, in order to achieve the above object, the present invention further provides an access control device, where the access control device is applied to a unified communication authentication platform, and the unified communication authentication platform is in communication connection with a user terminal and a service platform, and the access control device includes:
a receiving module, configured to receive access request information of the user terminal;
the authentication module is used for carrying out identity validity authentication on the access request information to obtain an authentication result;
and the sending module is used for sending the authentication result to a service platform so that the service platform can determine whether to open the access right of the user terminal based on the authentication result.
In addition, in order to achieve the above object, the present invention further provides an access control device, where the access control device is applied to a service platform, the service platform is in communication connection with a unified communication authentication platform, and the access control device includes:
the receiving module is used for receiving the authentication result sent by the communication unified authentication platform;
and the determining module is used for determining whether the access authority of the corresponding user terminal is opened or not based on the authentication result, and the authentication result corresponds to the user terminal one to one.
Furthermore, to achieve the above object, the present invention also provides an access control device including: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the first or second access control method as described above.
Furthermore, to achieve the above object, the present invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the first or second access control method as described above.
Furthermore, to achieve the above object, the present invention also provides a computer readable storage medium, on which a computer program is stored, the computer program, when executed by a processor, implementing the steps of the first or second access control method as described above.
The invention provides an access control method, device, equipment and computer program product. The method is applied to a communication unified authentication platform that is in communication connection with a user terminal and a service platform. The communication unified authentication platform receives access request information of the user terminal; performs identity validity authentication on the access request information to obtain an authentication result; and sends the authentication result to the service platform so that the service platform can determine, based on the authentication result, whether to open the access right of the user terminal. In this way, compared with a scheme in which the service platform directly receives the access request information and only then performs detection and interception, the communication unified authentication platform performs identity authentication in advance and then transmits the authentication result to the service platform, so that the service platform is allowed to open the access authority for the user terminal when the authentication result is a legal user. Network attack behavior is thereby prevented from occurring on the service platform, that is, it is not reachable at the network layer, and the security of the service system is improved.
Drawings
Fig. 1 is a schematic diagram of a terminal structure of a hardware operating environment according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a first embodiment of an access control method applied to a unified communication authentication platform according to the present invention;
fig. 3 is a schematic flowchart of a first embodiment of an access control method applied to a service platform according to the present invention;
fig. 4 is a schematic diagram of an embodiment of an access control system according to an embodiment of the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: the communication unified authentication platform is in communication connection with the user terminal and the service platform. The communication unified authentication platform receives access request information of the user terminal; performs identity validity authentication on the access request information to obtain an authentication result; and sends the authentication result to the service platform so that the service platform can determine, based on the authentication result, whether to open the access right of the user terminal. In this way, compared with a scheme in which the service platform directly receives the access request information and only then performs detection and interception, the communication unified authentication platform performs identity authentication in advance and then transmits the authentication result to the service platform, so that the service platform is allowed to open the access authority for the user terminal when the authentication result is a legal user. Network attack behavior is thereby prevented from occurring on the service platform, that is, it is not reachable at the network layer, and the security of the service system is improved.
In addition, the gateway device of the operator network embeds the user information corresponding to the user terminal into the access request information, so that identity authentication can subsequently be performed based on that user information. This prevents a network attacker from forging the user information; in other words, identity authentication is realized by using the communication network, which improves the reliability of the identity authentication, makes the authentication result transmitted to the service platform more accurate, and further improves the security of the service system.
In addition, if the authentication result is a legal user, the access request of the user terminal is redirected to the service platform, so that the legal user can normally access the service platform, and if the authentication result is an illegal user, the access request of the user terminal is not redirected to the service platform, so that the access request of the user terminal cannot reach the service platform, namely, the attack behavior of the illegal user cannot reach the service platform, thereby further improving the safety of the service system.
In addition, the service platform is in communication connection with the communication unified authentication platform, and the service platform receives an authentication result sent by the communication unified authentication platform; and determining whether to open the access authority of the corresponding user terminal based on the authentication result, wherein the authentication result corresponds to the user terminal one to one. By the mode, the network access authority is controlled by using the authentication result of the communication unified authentication platform, so that the network attack is prevented from reaching the service platform, namely, the network attack behavior is directly intercepted at the network edge of the service platform and cannot reach the service platform, and the safety of the service system is further improved.
In addition, when an access request of the user terminal is detected, if the access request is a request redirected by the unified communication authentication platform, the access request can be verified again on the service platform on the basis that the unified communication authentication platform performs network security authentication, that is, the authentication result of the unified communication authentication platform is used to control the network access authority so as to prevent network attack from reaching the service platform, thereby further improving the security of the service system. If the access request is a request directly initiated by the user terminal, the network access authority is controlled by using the authentication result of the communication unified authentication platform so as to prevent the network attack from reaching the service platform, namely, the network attack behavior is directly intercepted at the network edge of the service platform and cannot reach the service platform, thereby improving the safety of the service system.
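The flow described above (the gateway adds user information, the communication unified authentication platform authenticates and sends the result, and the service platform's firewall opens access for that terminal), as an added Python example that is not part of the patent. The class names, the keying of firewall entries on the terminal's source address, and all subscriber data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample data (assumption): the operator's record of which
# subscriber sits behind which access address, and which subscribers the
# authentication platform treats as legal users.
SUBSCRIBER_BY_SOURCE = {"10.20.0.5": "13800000001", "10.20.0.9": "13800000002"}
LEGAL_SUBSCRIBERS = {"13800000001"}


@dataclass(frozen=True)
class AccessRequest:
    source: str                       # network address of the user terminal
    target: str                       # address of the authentication platform
    user_info: Optional[str] = None   # filled in by the gateway device


@dataclass(frozen=True)
class AuthResult:
    source: str   # one result per user terminal (one-to-one)
    legal: bool


class OperatorGateway:
    def enrich(self, req: AccessRequest) -> AccessRequest:
        # Overwrite anything the terminal supplied: only the operator's own
        # record is used, so a forged user_info value never reaches the
        # authentication platform.
        return replace(req, user_info=SUBSCRIBER_BY_SOURCE.get(req.source))


class ServicePlatform:
    """Service platform whose firewall denies every terminal by default."""

    def __init__(self) -> None:
        self._opened = set()

    def receive_auth_result(self, result: AuthResult) -> None:
        # Legal user: open access for that terminal. Illegal user: keep closed.
        if result.legal:
            self._opened.add(result.source)
        else:
            self._opened.discard(result.source)

    def connect(self, source: str) -> str:
        # A network connection is established only for opened terminals.
        return "connected" if source in self._opened else "dropped"


class UnifiedAuthPlatform:
    def __init__(self, service: ServicePlatform) -> None:
        self.service = service

    def handle(self, req: AccessRequest) -> str:
        legal = req.user_info is not None and req.user_info in LEGAL_SUBSCRIBERS
        # The result is sent to the service platform before any redirect.
        self.service.receive_auth_result(AuthResult(req.source, legal))
        return "redirect-to-service" if legal else "rejected"


def run_flow(source: str, claimed_user_info: Optional[str] = None):
    """Return (direct attempt before auth, auth decision, attempt after auth)."""
    service = ServicePlatform()
    auth = UnifiedAuthPlatform(service)
    before = service.connect(source)
    req = AccessRequest(source, "auth.example", claimed_user_info)
    decision = auth.handle(OperatorGateway().enrich(req))
    return before, decision, service.connect(source)


if __name__ == "__main__":
    print(run_flow("10.20.0.5"))                    # legal subscriber
    print(run_flow("10.20.0.9", "13800000001"))     # forged user info
    print(run_flow("203.0.113.7", "13800000001"))   # unknown to the operator
```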
The technical terms related to the embodiment of the invention are as follows:
The OSI Reference Model (OSI/RM) is the Open Systems Interconnection reference model established by the International Organization for Standardization. It divides network communication into seven layers, from bottom to top: the Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer. In 1989 the International Organization for Standardization extended the OSI reference model, on top of the original seven-layer network communication protocol model, to establish an information security architecture, which was technically revised again in 1995, so the OSI security architecture includes five types of security services and eight types of security mechanisms.
The P2DR (Policy Protection Detection Response) model is a representative model of a dynamic network security system and is also the prototype of the dynamic security system. It includes four main parts: Policy, Protection, Detection and Response. Under the control and guidance of the overall security policy, the P2DR model comprehensively uses protection tools (such as firewalls, identity authentication and encryption) and detection tools (such as vulnerability assessment and intrusion detection) to understand and assess the security state of the system, and adjusts the system to an ideal state through appropriate response. Protection, detection and response form a complete, dynamic security cycle, and the security of the information system is ensured under the guidance of the security policy.
The protection concept of the IATF (Information Assurance Technical Framework) is the Defense-in-Depth strategy: the depth of security protection is enlarged and space is traded for time, so that layer-by-layer defense increases the difficulty of an attack and gives the defender more time to find the attack source. The IATF emphasizes three core principles of people, technology and operation, and focuses on four information security assurance fields: protecting networks and infrastructure, protecting boundaries, protecting computing environments, and supporting infrastructure.
IEC 62443 is an industrial control system standard that is widely accepted and approved internationally. It proposes a defense-in-depth security protection strategy; it is derived from a general model of an enterprise control system, manages the industrial control system hierarchically by function, and proposes security requirements for each layer.
The CGS2.0 standard framework emphasizes four general functions of cyberspace security: governance (Govern), protection (Protect), detection (Detect), and response and recovery (Respond & Recover). The governance function provides guidance for organizations to comprehensively understand the mission and environment of the whole organization, manage files and resources, establish a cross-organization resilience mechanism, and the like; the protection function provides guidelines for the organization to protect its physical and logical environment, assets and data; the detection function provides guidelines for identifying and defending against vulnerabilities, anomalies and attacks on the physical and logical transactions of the organization; the response and recovery function provides guidance for establishing effective response mechanisms for threats and vulnerabilities.
The NIST CSF consists of three parts, namely standards, guidelines and best practices for managing network security-related risks. Its core contents can be summarized as the classic IPDRR capability model, namely five capabilities: risk identification (Identify), security defense (Protect), security detection (Detect), security response (Respond) and security recovery (Recover). The capability framework covers the whole process of network security before, during and after an event, and helps enterprises to actively identify, prevent, discover and respond to security risks.
In the embodiment of the invention, the existing related schemes (the OSI security system, the P2DR protection system, the IATF system, the IEC 62443 system, CGS2.0, the NIST CSF and the like) are considered. On the one hand, under the traditional service system protection architecture the service system is reachable from the Internet and no front-end identity authentication module is provided, so an illegal user can establish a network connection with the service system. Attack behavior from the Internet toward the system is therefore always reachable on the network, and an attacker can initiate an attack on the service system by using a 0-day vulnerability. On the other hand, user identity authentication and service access in the service system are separated: the user identity is authenticated first, and service access can be realized only after the authentication is passed.
In addition, the traditional network security protection concept is mainly "defense in depth + boundary protection", the objects of security protection are organized around "hosts, systems and local area network segments", and security operations mainly follow working modes such as "monitoring-discovering-disposing", vulnerability checking and patching. As enterprises grow, security boundaries are gradually broken and blurred, and a boundary-based protection system gradually becomes ineffective and is difficult to adapt to rapid changes of enterprises and businesses. Enterprise security operations also have the problem that, regardless of the security model, the security means or the security services purchased, it is difficult for an enterprise to cope effectively with a network attack that uses a 0-day vulnerability. Hackers may break through various heavily protected key information infrastructures by using only a few 0-day vulnerabilities, and 0-day vulnerabilities have become an increasingly real problem that IT networks, communication networks, the industrial Internet and the like must face and take into consideration.
In summary, the following problems exist in the related art:
(1) Security attack and defense are mainly carried out at the system level and the application level; if a 0-day vulnerability is found at the system level or the service level, effective countermeasures are difficult, so that 0-day vulnerability attacks breach heavily protected systems.
(2) Detection and interception start only once the attack behavior is already occurring on the system side. Detection suffers from missed reports and false reports, so interception suffers from false interception and missed interception.
(3) Attacks from the Internet toward the system are always reachable on the network, and the attack is not restricted by network access control.
Referring to fig. 1, fig. 1 is a schematic terminal structure diagram of a hardware operating environment according to an embodiment of the present invention.
The terminal in the embodiment of the present invention is an access control device, and the access control device may be a terminal device having a processing function, such as a mobile phone, a tablet computer, a PC (personal computer), a microcomputer, a notebook computer, and a server.
As shown in fig. 1, the terminal may include: a processor 1001, such as a CPU (Central Processing Unit), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to implement connection communication among these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard), and optionally the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a computer program.
In the terminal shown in fig. 1, applied to a communication unified authentication platform, where the communication unified authentication platform is communicatively connected to a user terminal and a service platform, the processor 1001 may be configured to call a computer program stored in the memory 1005, and perform the following operations:
receiving access request information of the user terminal;
performing identity validity authentication on the access request information to obtain an authentication result;
and sending the authentication result to a service platform so that the service platform can determine whether to open the access authority of the user terminal based on the authentication result.
Further, the communication unified authentication platform and the user terminal are communicatively connected through an operator network, where the operator network includes a gateway device, and the processor 1001 may be configured to call the computer program stored in the memory 1005, and further perform the following operations:
adding, by the gateway device, user information of the user terminal to the access request information sent by the user terminal;
and receiving the access request information to which the user information has been added.
Further, the processor 1001 may be configured to invoke the computer program stored in the memory 1005 to also perform the following operations:
and determining whether to redirect the access request of the user terminal to the service platform or not based on the authentication result.
In the terminal shown in fig. 1, applied to a service platform, the service platform is communicatively connected to a communication unified authentication platform, and the processor 1001 may be configured to call a computer program stored in the memory 1005, and perform the following operations:
receiving an authentication result sent by the communication unified authentication platform;
and determining whether to open the access authority of the corresponding user terminal based on the authentication result, wherein the authentication result corresponds to the user terminal one to one.
Further, the processor 1001 may be configured to invoke the computer program stored in the memory 1005 to also perform the following operations:
if the authentication result is a legal user, a firewall of the service platform opens the access authority of the user terminal;
and if the authentication result is an illegal user, the firewall of the service platform does not open the access authority of the user terminal.
Further, the processor 1001 may be configured to invoke the computer program stored in the memory 1005 to also perform the following operations:
when detecting the access request of the user terminal, if the user terminal has access authority, establishing network connection with the user terminal so as to allow the user terminal to perform service interaction with the service platform.
Based on the above hardware structure, various embodiments of the access control method of the present invention are proposed.
The invention provides an access control method.
Referring to fig. 2, fig. 2 is a schematic flowchart of a first embodiment of an access control method applied to a unified communication authentication platform according to the present invention.
In this embodiment, the access control method is applied to a unified communication authentication platform, where the unified communication authentication platform is in communication connection with a user terminal and a service platform, and the access control method includes:
step S10, receiving access request information of the user terminal;
In this embodiment, when a user terminal initiates an access request to a service platform (service system), the access request information of the access request is first sent to the unified communication authentication platform, so that the unified communication authentication platform performs authentication negotiation on the access request information. On this basis, the unified communication authentication platform receives the access request information of the user terminal.
Wherein, the user terminal may include at least one of: client devices having a processing function, such as a mobile phone, a tablet computer, a PC (personal computer), a microcomputer, and a notebook computer. Specifically, the user terminal is a client, and the client may be an APP (application).
Wherein, the service platform may include at least one of the following: a server, a PC (personal computer), a microcomputer, a notebook computer, or the like. Specifically, the service platform is a server corresponding to the user terminal, that is, a server corresponding to a client of the user terminal.
It should be noted that the access request information includes at least a target access address, and the target access address is the address of the communication unified authentication platform. On this basis, the communication unified authentication platform should have the function of redirecting an access request of the user terminal to the service platform.
In addition, it should be noted that the unified communication authentication platform receives the access request information of the user terminal through the Internet. Specifically, the unified communication authentication platform receives the access request information of the user terminal through the operator network. The operator network may include a mobile communication network, such as a 3G, 4G or 5G network, or a wired communication network, such as broadband or optical fiber.
In an embodiment, step S10 includes:
Receiving the access request information of the user terminal through a mobile communication network. The mobile communication network may include various communication devices such as gateway devices and base stations, which are not limited here. When the user terminal initiates an access request to the service platform through the mobile network, the operator holds the corresponding user information for that network, such as mobile phone number information, so the relevant equipment in the mobile communication network can add the corresponding mobile phone number information to the access request information for identity authentication of the access request information.
In another embodiment, step S10 includes:
Receiving the access request information of the user terminal through a wired communication network. The wired communication network may include various communication devices such as gateway devices, which are not limited here. When the user terminal initiates an access request to the service platform through the wired communication network, the operator holds the corresponding user information for that network, such as mobile phone number information and telephone number information, so the relevant equipment in the wired communication network can add the corresponding mobile phone number information, telephone number information, and the like to the access request information for identity authentication of the access request information.
It should also be noted that the unified communication authentication platform is further used to perform authentication key agreement for the operator's one-key login. One-key login uses the operator's own data gateway authentication capability: after the user authorizes it, the mobile phone number currently used by the user is obtained from the gateway side. It can be applied to security check scenarios such as user registration, login, and payment, and the check is imperceptible to the user, because the whole process requires only authorization on the client and the authentication itself is not perceived. After the unified communication authentication platform passes the authentication, it needs to return the login credential to the user terminal.
Step S20, performing identity validity authentication on the access request information to obtain an authentication result;
In this embodiment, identity validity authentication is performed on the access request information of the user terminal to obtain an authentication result. Specifically, the user information in the access request information is verified to determine whether it meets the authentication requirement, that is, whether a preset user information set (the whitelist user set) includes the user information. The user information may include at least one of: a mobile phone number, a telephone number, an IP address of the user terminal, an IMSI (International Mobile Subscriber Identity), and the like.
The authentication result is either a legal user (whitelist user) or an illegal user (blacklist user).
In an embodiment, the access request information includes mobile phone number information, and step S20 includes:
Performing identity validity authentication on the mobile phone number information to obtain an authentication result. Specifically, the mobile phone number information in the access request information is verified to determine whether it meets the authentication requirement, that is, whether a preset mobile phone number set includes the mobile phone number information. The preset mobile phone number set is the set of mobile phone numbers corresponding to whitelist users.
Further, after step S20, the access control method further includes:
If the authentication result is a legal user, returning a login credential to the user terminal; if the authentication result is an illegal user, returning login failure information to the user terminal. The login credential lets the user terminal know that the identity authentication succeeded.
Step S30, sending the authentication result to the service platform so that the service platform can determine whether to open the access right of the user terminal based on the authentication result.
In this embodiment, the authentication result is sent to the service platform, so that the service platform determines whether to open the access right of the user terminal based on the authentication result. Specifically, when the unified communication authentication platform obtains the authentication result, the authentication result is synchronized to the service platform.
It should be noted that the service platform, for its part, receives the authentication result sent by the unified communication authentication platform and determines, based on the authentication result, whether to open the access right of the corresponding user terminal, the authentication results corresponding one-to-one to user terminals. Specifically, if the authentication result is a legal user, the service platform opens the access right for the user terminal; if the authentication result is an illegal user, the service platform does not open the access right for the user terminal.
In an embodiment, the step of determining whether to open the access right of the corresponding user terminal based on the authentication result includes:
If the authentication result is a legal user, the firewall of the service platform opens the access right of the user terminal; if the authentication result is an illegal user, the firewall of the service platform does not open the access right of the user terminal. Specifically, the service platform includes a firewall, and after receiving the authentication result, the service platform notifies the firewall of the authentication result so that the firewall sets the access permission.
In another embodiment, after the step of determining whether to open the access right of the corresponding user terminal based on the authentication result, the method further includes:
When an access request of the user terminal is detected, if the user terminal has the access right, establishing a network connection with the user terminal so that the user terminal can perform service interaction with the service platform. Specifically, when the service platform receives an access request of the user terminal and the user terminal has the access right on the service platform, a network connection between the service platform and the user terminal is established, so that the service platform and the user terminal can perform normal service interaction.
Further, before step S30, the access control method further includes:
Determining user identification information of the user terminal, and adding the user identification information to the authentication result, so that the authentication result with the user identification information added is sent to the service platform. It can be understood that the user identification information and the authentication result are sent to the service platform together, so that the service platform knows which user terminal the authentication result corresponds to. The user identification information may be set according to actual conditions, for example a mobile phone number or a telephone number, and is not described in detail here.
The embodiment of the invention provides an access control method applied to a unified communication authentication platform that is in communication connection with a user terminal and a service platform. The platform receives access request information of the user terminal; performs identity validity authentication on the access request information to obtain an authentication result; and sends the authentication result to the service platform so that the service platform can determine whether to open the access right of the user terminal based on the authentication result. In this way, the unified communication authentication platform receives the access request information of the user terminal and performs identity validity authentication on it. Compared with a scheme in which the service platform receives the access request information directly and only then performs detection and interception, the unified communication authentication platform authenticates identity in advance and then passes the authentication result to the service platform, so that the service platform is allowed to open the access right for the user terminal when the authentication result is a legal user. Network attack behavior is thereby prevented from occurring on the service platform, that is, the attack is unreachable at the network layer, and the security of the service system is improved.
Further, based on the above-described first embodiment, a second embodiment of the access control method of the present invention is proposed.
In this embodiment, the unified communication authentication platform and the user terminal are in communication connection through an operator network, the operator network includes a gateway device, and step S10 includes:
Step A11, adding, through the gateway device, user information of the user terminal to the access request information sent by the user terminal;
In this embodiment, the gateway device of the operator network adds the user information of the user terminal to the access request information sent by the user terminal. Specifically, the access request information of the user terminal is sent to the unified communication authentication platform through the operator network, and as it passes through the operator network, the user information corresponding to the user terminal is sent to the unified communication authentication platform along with it. The user information is embedded by the operator network through its own gateway device, that is, it is set by the operator network, and user information set by the operator network is unforgeable. In other words, identity authentication is implemented using the communication network, which improves the reliability of the identity authentication and in turn the security of the service system.
The user information may include at least one of: mobile phone number information, IP address information of the user terminal, IMSI (International Mobile Subscriber Identity) information, and the like.
In an embodiment, step A11 includes:
Adding, through the gateway device, the mobile phone number information of the user terminal to the access request information sent by the user terminal. It should be noted that because the operator's gateway device holds the mobile phone number information of the user terminal, it can embed the mobile phone number information corresponding to the user terminal.
In another embodiment, step A11 includes:
Adding, through the gateway device, the telephone number information of the user terminal to the access request information sent by the user terminal. Because the operator's gateway device holds the telephone number information of the user terminal, it can embed the telephone number information corresponding to the user terminal.
The operator network may include a mobile communication network, a wired communication network, and the like. The mobile communication network may be a 3G, 4G, or 5G network, and the wired communication network may be broadband, optical fiber, and the like.
In an embodiment, the operator network is a mobile communication network, and step A11 includes:
Adding, through the gateway device, the mobile phone number information of the user terminal to the access request information sent by the user terminal. It should be noted that when the user terminal initiates an access request to the service platform through the mobile network, the operator holds the corresponding mobile phone number information for that network, so the relevant gateway device in the mobile communication network can add the corresponding mobile phone number information to the access request information for identity authentication of the access request information.
In another embodiment, the operator network is a wired communication network, and step A11 includes:
Adding, through the gateway device, the mobile phone number information of the user terminal to the access request information sent by the user terminal, or adding, through the gateway device, the telephone number information of the user terminal to the access request information sent by the user terminal. It should be noted that when the user terminal initiates an access request to the service platform through the wired communication network, the operator holds the corresponding mobile phone number information or telephone number information for that network, so the relevant gateway device in the wired communication network can add the corresponding mobile phone number information or telephone number information to the access request information for identity authentication of the access request information.
Step A12, receiving the access request information to which the user information has been added.
In this embodiment, the access request information to which the user information has been added is received. Specifically, after the operator network adds the user information to the access request information, the access request information with the user information added is sent to the unified communication authentication platform through the operator network, so that the unified communication authentication platform receives it.
Accordingly, step S20 includes:
Acquiring the user information in the access request information, the user information being information added by the operator network; and performing identity validity authentication on the user information to obtain an authentication result. Specifically, the user information in the access request information is verified to determine whether it meets the authentication requirement, that is, whether a preset user information set (the whitelist user set) includes the user information. The user information may include at least one of: mobile phone number information, IP address information of the user terminal, IMSI information, and the like. The authentication result is either a legal user (whitelist user) or an illegal user (blacklist user).
In this embodiment, the gateway device of the operator network embeds the user information corresponding to the user terminal into the access request information, and identity authentication is subsequently performed based on that user information. This prevents a network attacker from forging the user information. In other words, identity authentication is implemented using the communication network, which improves the reliability of the identity authentication, makes the authentication result passed to the service platform more accurate, and further improves the security of the service system.
Further, based on the above-described first embodiment, a third embodiment of the access control method of the present invention is proposed.
In this embodiment, after step S20, the access control method further includes:
Step A40, determining, based on the authentication result, whether to redirect the access request of the user terminal to the service platform.
In this embodiment, whether to redirect the access request of the user terminal to the service platform is determined based on the authentication result. Specifically, if the authentication result is a legal user, the access request of the user terminal is redirected to the service platform; if the authentication result is an illegal user, the access request of the user terminal is not redirected to the service platform, so that the user terminal corresponding to the illegal user cannot access the service platform.
It should be noted that when the user terminal initiates an access request to the service platform, the access request and its access request information are first sent to the unified communication authentication platform. The unified communication authentication platform then redirects the access request to the service platform if the authentication result is a legal user, so that the service platform receives the access request.
In one embodiment, step A40 includes:
If the authentication result is an illegal user, not redirecting the access request of the user terminal to the service platform, and returning login failure information to the user terminal. It can be understood that when the access request of the user terminal is not redirected to the service platform, it cannot reach the service platform, and therefore the attack behavior of the illegal user cannot reach the service platform.
In this embodiment, if the authentication result is a legal user, the access request of the user terminal is redirected to the service platform, so that the legal user can access the service platform normally. If the authentication result is an illegal user, the access request of the user terminal is not redirected to the service platform, so the access request cannot reach the service platform, that is, the attack behavior of the illegal user cannot reach the service platform, which further improves the security of the service system.
The invention also provides an access control method.
Referring to Fig. 3, Fig. 3 is a schematic flowchart of a first embodiment of the access control method of the present invention as applied to a service platform.
In this embodiment, the access control method is applied to a service platform that is in communication connection with a unified communication authentication platform, and the access control method includes:
Step S100, receiving an authentication result sent by the unified communication authentication platform;
In this embodiment, after the unified communication authentication platform sends the authentication result to the service platform, the service platform receives the authentication result. The authentication result is either a legal user (whitelist user) or an illegal user (blacklist user). It carries the user identification information corresponding to the user terminal, which identifies the user terminal to which the authentication result belongs.
The service platform may include at least one of the following terminal devices having a processing function: a server, a PC (personal computer), a microcomputer, and a notebook computer. Specifically, the service platform is the server corresponding to the user terminal, that is, the server corresponding to the client on the user terminal.
The user terminal may include at least one of the following client devices having a processing function: a mobile phone, a tablet computer, a PC (personal computer), a microcomputer, and a notebook computer. Specifically, the user terminal is a client, and the client may be an APP (application).
It should be noted that, after receiving the authentication result sent by the unified communication authentication platform, the service platform may issue the authentication result to each related subprogram of the service platform, for example, to a firewall of the service platform, so that each related subprogram determines whether to open the access right of the corresponding user terminal based on the authentication result.
In an embodiment, after step S100, the access control method further includes:
Issuing the authentication result to the firewall of the service platform so that the firewall determines, based on the authentication result, whether to open the access right of the corresponding user terminal, the authentication results corresponding one-to-one to user terminals.
It should also be noted that the unified communication authentication platform is in communication connection with the user terminal and the service platform. It receives the access request information of the user terminal; performs identity validity authentication on the access request information to obtain an authentication result; and sends the authentication result to the service platform so that the service platform can determine whether to open the access right of the user terminal based on the authentication result. For details, refer to the embodiments of the access control method applied to the unified communication authentication platform described above.
Step S200, determining, based on the authentication result, whether to open the access right of the corresponding user terminal, the authentication results corresponding one-to-one to user terminals.
In this embodiment, whether to open the access right of the corresponding user terminal is determined based on the authentication result, which corresponds to the user terminal one-to-one. Specifically, user identification information of an authentication result is obtained, a corresponding user terminal is determined based on the user identification information, and whether to open an access right for the user terminal is determined based on the authentication result.
It should be noted that the access right of the user terminal may be set in a firewall of the service platform, or may be set in other network edge nodes of the service platform, and specifically, may be set according to actual needs, and is not specifically limited herein.
In an embodiment, step S200 includes:
Step A201, if the authentication result is a legal user, the firewall of the service platform opens the access right of the user terminal;
In this embodiment, if the authentication result is a legal user, the firewall of the service platform opens the access right of the user terminal. Specifically, the access right of the user terminal is opened on the firewall of the service platform, so that the access request of the user terminal can reach the service platform.
Step A202, if the authentication result is an illegal user, the firewall of the service platform does not open the access right of the user terminal.
In this embodiment, if the authentication result is an illegal user, the firewall of the service platform does not open the access right of the user terminal. Specifically, the access right of the user terminal is not opened on the firewall of the service platform, that is, access by the user terminal is prohibited, so the access request of the user terminal cannot reach the service platform. This ensures that the access request of an illegal user cannot reach the service platform and improves the security of the service system.
It can be understood that network access is controlled using the authentication result, which prevents network attacks from reaching the service system: attack behavior is intercepted directly at the network edge, such as the firewall, and cannot reach the service system, which improves the security of the service system.
The embodiment of the invention provides an access control method applied to a service platform that is in communication connection with a unified communication authentication platform. The service platform receives the authentication result sent by the unified communication authentication platform and determines, based on the authentication result, whether to open the access right of the corresponding user terminal, the authentication results corresponding one-to-one to user terminals. In this way, the network access right is controlled using the authentication result of the unified communication authentication platform, which prevents network attacks from reaching the service platform: attack behavior is intercepted directly at the network edge of the service platform and cannot reach the service platform, which further improves the security of the service system.
Further, based on the above-described first embodiment, a second embodiment of the access control method of the present invention is proposed.
In this embodiment, after step S200, the access control method further includes:
Step A300, when an access request of the user terminal is detected, if the user terminal has the access right, establishing a network connection with the user terminal so that the user terminal can perform service interaction with the service platform.
In this embodiment, when an access request of a user terminal is detected, if the user terminal has the access right, a network connection with the user terminal is established so that the user terminal can perform service interaction with the service platform. The access request may be one initiated directly by the user terminal or one redirected by the unified communication authentication platform, that is, an access request initiated indirectly by the user terminal through the unified communication authentication platform.
If the access right of the user terminal has been opened, the user terminal has the access right on the service platform. Service interaction between the user terminal and the service platform means that the user terminal can access the service platform normally and perform normal operations such as login, registration, and payment.
In an embodiment, after step S200, the access control method further includes:
When an access request of the user terminal is detected, if the user terminal does not have the access right, not establishing a network connection with the user terminal, so that the user terminal cannot perform service interaction with the service platform.
In this embodiment, when an access request of a user terminal is detected and the access request is one redirected by the unified communication authentication platform, the service platform can perform security verification on the access request again, on top of the network security authentication already performed by the unified communication authentication platform. That is, the authentication result of the unified communication authentication platform is used to control the network access right, which prevents network attacks from reaching the service platform and further improves the security of the service system. If the access request is one initiated directly by the user terminal, the network access right is likewise controlled using the authentication result of the unified communication authentication platform, so that attack behavior is intercepted directly at the network edge of the service platform and cannot reach the service platform, which improves the security of the service system.
The present invention also provides an access control system, including a unified communication authentication platform and a service platform, where the unified communication authentication platform is in communication connection with a user terminal and the service platform.
The unified communication authentication platform is used for receiving the access request information of the user terminal; performing identity validity authentication on the access request information to obtain an authentication result; and sending the authentication result to the service platform so that the service platform can determine whether to open the access right of the user terminal based on the authentication result.
The service platform is used for receiving the authentication result sent by the unified communication authentication platform, and determining, based on the authentication result, whether to open the access right of the corresponding user terminal, the authentication results corresponding one-to-one to user terminals.
The specific embodiments of the access control system of the present invention are substantially the same as the embodiments of the access control method applied to the unified communication authentication platform and the embodiments of the access control method applied to the service platform, and are not described again here.
In an embodiment, referring to fig. 4, fig. 4 is a schematic diagram of an embodiment of an access control system according to an embodiment of the present invention. The operator network is a mobile communication network, and the user terminal is a mobile phone APP. The method comprises the following two steps: firstly, a user identity authentication stage; secondly, a service access control stage, the specific implementation process is as follows:
firstly, a user identity authentication stage:
step 1, login and authentication negotiation request: the user terminal initiates an access request to a certain service system/APP, request information of the user is sent to the communication unified authentication platform through an operator network, and when the user passes through the operator network, mobile phone number information of the user is sent to the communication unified authentication platform.
Step 2, authentication key negotiation and login credentials: after receiving the authentication negotiation request information of the user, the communication unified authentication platform performs identity validity authentication on the mobile phone number of the user; the platform sends the authentication result to the service platform.
Secondly, service access control stage:
step 3, login and authentication synchronization: and the communication unified authentication platform sends the authentication result to the service platform.
Step 4, connection management: after receiving the authentication result, the service platform informs the firewall of the authentication result; if the user is a legal user, the firewall opens the access authority; if the user is an illegal user, the firewall does not open the access right.
Step 5, login request: the user terminal side initiates a login request, and the firewall determines whether to establish network connection for the user according to the authentication result.
And step 6, responding: if the user is a legal user, network side connection is established for the user, so that the user can normally access the service system; if the user is an illegal user, network connection cannot be established for the user.
Step 7, service interaction: after the network connection is established, the user can access the service server, that is, can normally access the service system to perform normal operation.
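The seven steps above can be modelled as a small simulation; this is an added example, not code from the patent, and every class, method and value in it is hypothetical. It assumes the gateway overwrites any number supplied by the client and that the firewall denies by default until a legitimate result arrives for that terminal.

```python
from dataclasses import dataclass, field
LEGITIMATE, ILLEGITIMATE = "legitimate", "illegitimate"

@dataclass
class Gateway:
    """Operator-network gateway (hypothetical model)."""
    sessions: dict  # terminal id -> number the network assigned (constructed)

    def forward(self, terminal_id, request):
        enriched = dict(request)
        # Assumption: any client-supplied number is overwritten, never trusted.
        enriched["msisdn"] = self.sessions.get(terminal_id)
        enriched["terminal_id"] = terminal_id
        return enriched

@dataclass
class Firewall:
    """Default deny: only terminals explicitly opened may connect."""
    opened: set = field(default_factory=set)

    def apply(self, terminal_id, result):  # step 4
        if result == LEGITIMATE:
            self.opened.add(terminal_id)
        else:
            self.opened.discard(terminal_id)

@dataclass
class ServicePlatform:
    firewall: Firewall

    def on_auth_result(self, terminal_id, result):  # step 3
        self.firewall.apply(terminal_id, result)

    def login(self, terminal_id):  # steps 5-7
        if terminal_id not in self.firewall.opened:
            return "connection refused"
        return "service interaction"

@dataclass
class AuthPlatform:
    subscribers: set  # numbers accepted as valid (constructed)
    service: ServicePlatform

    def handle(self, request):  # steps 1-2
        ok = request.get("msisdn") in self.subscribers
        result = LEGITIMATE if ok else ILLEGITIMATE
        self.service.on_auth_result(request["terminal_id"], result)
        return result

if __name__ == "__main__":
    svc = ServicePlatform(Firewall())
    auth = AuthPlatform({"+10000000001"}, svc)
    gw = Gateway({"term-A": "+10000000001", "term-B": "+10000000002"})
    print(auth.handle(gw.forward("term-A", {})), svc.login("term-A"))
```

Because the authentication result is keyed by terminal, a later illegitimate result for the same terminal closes the access right that an earlier result opened.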
The invention also provides an access control device.
In this embodiment, the access control device is applied to a communication unified authentication platform, where the communication unified authentication platform is in communication connection with a user terminal and a service platform, and the access control device includes:
a receiving module, configured to receive access request information of the user terminal;
the authentication module is used for carrying out identity validity authentication on the access request information to obtain an authentication result;
and the sending module is used for sending the authentication result to a service platform so that the service platform can determine whether to open the access right of the user terminal based on the authentication result.
Wherein, each virtual function module of the access control device is stored in the memory 1005 of the access control device shown in fig. 1, and is used for realizing all functions of a computer program; the modules may perform access control functions when executed by the processor 1001.
Further, the communication unified authentication platform and the user terminal are in communication connection through an operator network, the operator network includes a gateway device, and the receiving module includes:
an information adding unit, configured to add, through the gateway device, user information of the user terminal to access request information sent by the user terminal;
and the information receiving unit is used for receiving the access request information added with the user information.
Further, the access control apparatus further includes:
and the redirection module is used for determining whether to redirect the access request of the user terminal to the service platform based on the authentication result.
The function implementation of each module in the access control device corresponds to each step in the embodiment of the access control method applied to the communication unified authentication platform, and the function and implementation process are not described in detail here.
The invention also provides an access control device.
In this embodiment, the access control device is applied to a service platform, the service platform is in communication connection with a communication unified authentication platform, and the access control device includes:
the receiving module is used for receiving the authentication result sent by the communication unified authentication platform;
and the determining module is used for determining whether the access right of the corresponding user terminal is opened or not based on the authentication result, and the authentication result corresponds to the user terminal one to one.
Each virtual function module of the access control apparatus is stored in the memory 1005 of the access control device shown in fig. 1, and is used for realizing all functions of a computer program; the modules may perform access control functions when executed by the processor 1001.
Further, the determining module includes:
an authority opening unit, configured to cause a firewall of the service platform to open the access authority of the user terminal if the authentication result is a legitimate user;
the authority opening unit being further configured to cause the firewall of the service platform not to open the access authority of the user terminal if the authentication result is an illegitimate user.
Further, the access control apparatus further includes:
and a network establishing module, configured to, when an access request of the user terminal is detected, establish a network connection with the user terminal if the user terminal has the access authority, so as to provide service interaction between the user terminal and the service platform.
The function implementation of each module in the access control device corresponds to each step in the embodiment of the access control method applied to the service platform, and the function and implementation process are not described in detail here.
The present invention also provides a computer readable storage medium having stored thereon a computer program which, when being executed by a processor, implements the steps of the access control method applied to a communication unified authentication platform as described in any one of the above embodiments, or implements the steps of the access control method applied to a service platform as described in any one of the above embodiments.
The specific embodiment of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the access control method applied to the communication unified authentication platform, or is substantially the same as the embodiments of the access control method applied to the service platform, and is not described herein again.
The present invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the access control method applied to a communication unified authentication platform as described in any one of the above embodiments, or implements the steps of the access control method applied to a service platform as described in any one of the above embodiments.
The specific embodiment of the computer program product of the present invention is substantially the same as the embodiments of the access control method applied to the communication unified authentication platform, or substantially the same as the embodiments of the access control method applied to the service platform, and will not be described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solutions of the present invention or portions thereof contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above and includes several instructions for enabling a terminal device (which may be a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. An access control method is applied to a communication unified authentication platform, wherein the communication unified authentication platform is in communication connection with a user terminal and a service platform, and the access control method comprises the following steps:
receiving access request information of the user terminal;
performing identity validity authentication on the access request information to obtain an authentication result;
and sending the authentication result to a service platform so that the service platform can determine whether to open the access authority of the user terminal based on the authentication result.
2. The access control method according to claim 1, wherein the communication unified authentication platform and the user terminal are communicatively connected through an operator network, the operator network includes a gateway device, and the step of receiving the access request information of the user terminal includes:
adding, through the gateway device, user information of the user terminal to the access request information sent by the user terminal;
and receiving the access request information to which the user information has been added.
3. The access control method of claim 1, wherein after the step of performing identity validity authentication on the access request information to obtain the authentication result, the method further comprises:
and determining whether to redirect the access request of the user terminal to the service platform or not based on the authentication result.
4. An access control method is applied to a service platform, the service platform is in communication connection with a communication unified authentication platform, and the access control method comprises the following steps:
receiving an authentication result sent by the communication unified authentication platform;
and determining whether to open the access authority of the corresponding user terminal based on the authentication result, wherein the authentication result corresponds to the user terminal one to one.
5. The access control method of claim 4, wherein the determining whether to open the access right of the corresponding user terminal based on the authentication result comprises:
if the authentication result is a legitimate user, a firewall of the service platform opens the access authority of the user terminal;
and if the authentication result is an illegitimate user, the firewall of the service platform does not open the access authority of the user terminal.
6. The access control method of claim 4, wherein after the step of determining whether to open the access right of the corresponding user terminal based on the authentication result, further comprising:
and when the access request of the user terminal is detected, if the user terminal has the access authority, establishing network connection with the user terminal so as to allow the user terminal to perform service interaction with the service platform.
7. An access control device, wherein the access control device is applied to a communication unified authentication platform, and the communication unified authentication platform is in communication connection with a user terminal and a service platform, and the access control device comprises:
a receiving module, configured to receive access request information of the user terminal;
the authentication module is used for carrying out identity validity authentication on the access request information to obtain an authentication result;
and the sending module is used for sending the authentication result to a service platform so that the service platform can determine whether to open the access right of the user terminal based on the authentication result.
8. An access control device, wherein the access control device is applied to a service platform, the service platform is in communication connection with a communication unified authentication platform, and the access control device comprises:
the receiving module is used for receiving the authentication result sent by the communication unified authentication platform;
and the determining module is used for determining whether the access authority of the corresponding user terminal is opened or not based on the authentication result, and the authentication result corresponds to the user terminal one to one.
9. An access control device, characterized in that the access control device comprises a memory, a processor and a computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, implements the access control method according to any one of claims 1-3 or the access control method according to any one of claims 4-6.
10. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the access control method according to any one of claims 1-3 or the access control method according to any one of claims 4-6.
CN202110810554.8A 2021-07-16 2021-07-16 Access control method, device, equipment and computer program product Pending CN115378622A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110810554.8A CN115378622A (en) 2021-07-16 2021-07-16 Access control method, device, equipment and computer program product


Publications (1)

Publication Number Publication Date
CN115378622A true CN115378622A (en) 2022-11-22

Family

ID=84060414


Country Status (1)

Country Link
CN (1) CN115378622A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination