CN116886343A - User access control method and system based on continuous authentication - Google Patents


Publication number
CN116886343A
Authority
CN
China
Prior art keywords
user
authentication
terminal
access
service
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310769724.1A
Other languages
Chinese (zh)
Inventor
戚勇
王继志
李晓峰
杨新群
姜振华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Supercomputing Technology Research Institute
Original Assignee
Jinan Supercomputing Technology Research Institute

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884: Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a user access control method and system based on continuous authentication, relating to the field of user access control. When a user accesses a service application system through a terminal, device authentication is performed on the terminal environment through an environment sensing agent, terminals are classified as controlled or uncontrolled, and network access of uncontrolled terminals is terminated. After a controlled terminal has joined the network, the user identity is authenticated by a user authentication agent, controlled terminals are classified as trusted or untrusted, and an untrusted terminal can continue access only after re-authentication. While a trusted terminal is accessing an application service, the terminal environment, the user identity and the application service access permission are continuously authenticated over the full life cycle; if an anomaly is found in which authentication does not pass, access can continue only after re-authentication. The application uses a continuous authentication mechanism to supervise the user access process in real time, addresses the access-control pain point in the data protection model, and builds a secure data access platform.

Description

User access control method and system based on continuous authentication
Technical Field
The application belongs to the field of user access control, and particularly relates to a user access control method and system based on continuous authentication.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
When a user accesses an enterprise's internal information system from the external internet, network security controls such as user identity authentication and data encryption are mainly implemented by Virtual Private Network (VPN) equipment. VPNs are widely used across industries but still have problems. First, a traditional VPN authenticates internet users over the TCP/IP communication protocol: the network connection is established first and the identity is authenticated afterwards, so assets are exposed. Second, a traditional VPN is built on network-centric admission control: once a user has entered the enterprise internal network through the VPN, attacks on the internal network can no longer be controlled.
The data center treats the internet egress as the boundary that isolates the intranet from the extranet, and assumes by default that the external network is unsafe and the internal network is safe. A large number of security devices and security policies are therefore deployed at the boundary, while the internal network is simply considered secure. This creates a security hazard: once an attack breaks through the boundary, it can penetrate laterally and attack other assets, and the traditional security architecture cannot solve this problem. Even if the internal network is partitioned into zones for security isolation, lateral penetration within a zone is still not prevented.
In summary, existing user access control methods assume by default that the intranet is safe, so there is a risk of lateral penetration.
Disclosure of Invention
In order to overcome the defects in the prior art, the application provides a user access control method and a system based on continuous authentication, which utilize a continuous authentication mechanism to realize real-time supervision of a user in the access process, solve the pain point of access control in a data protection model and construct a data security access platform.
To achieve the above object, one or more embodiments of the present application provide the following technical solutions:
The first aspect of the application provides a user access control method based on continuous authentication.
A user access control method based on continuous authentication, in which the following control steps are carried out when a user accesses a service application system through a terminal:
device authentication is performed on the terminal environment through an environment sensing agent, terminals are classified as controlled or uncontrolled according to the device authentication result, and network access of uncontrolled terminals is terminated;
after a controlled terminal has joined the network, the user identity is authenticated by a user authentication agent, controlled terminals are classified as trusted or untrusted according to the user authentication result, and an untrusted terminal can continue access only after re-authentication;
while a trusted terminal is accessing an application service, the terminal environment, the user identity and the application service access permission are continuously authenticated over the full life cycle, and if an anomaly is found in which authentication does not pass, access can continue only after re-authentication.
Further, the access space of the service application system is divided into a user domain and a data domain; the user domain is used for device authentication and user authentication of the terminal environment and the user identity, and the data domain is used for access permission authentication of application services;
device authentication and user authentication are implemented by the trusted access detection and control component connected to the switch.
Further, in device authentication the trusted access detection and control component accesses the environment sensing agent on the proxy gateway of the user domain to verify the terminal environment; if the agent does not respond or the verification fails, the terminal environment is abnormal and device authentication fails;
if the terminal environment is abnormal, the trusted access detection and control component terminates the terminal's access; if the terminal environment is normal, access continues.
Further, in user authentication the trusted access detection and control component accesses the user authentication agent on the proxy gateway of the user domain and verifies the user identity based on the user token; if the agent does not respond or the verification fails, user authentication fails, the access is redirected to the authentication gateway, and authentication is initiated with the authentication gateway;
Further, verifying the user identity based on the user token means verifying whether the user token exists and whether the user token is valid.
Further, the validity of the user token is verified as follows:
if the token exists, the data domain is entered and a comprehensive trust evaluation is carried out by the service security policy control service; whether the user token needs to be revoked is determined from the comprehensive trust evaluation result, and if it does, the user token is set to invalid.
Further, for the application service access permission, the trusted access detection and control component accesses the permission service of the data domain through the data domain service proxy; the data domain permission service checks whether the user has permission to access the application service, and if the check passes, an application token is obtained;
access to the application service is controlled according to the validity of the application token and the corresponding application access permission.
The second aspect of the application provides a user access control system based on continuous authentication.
A user access control system based on continuous authentication is used for controlling a user to access a service application system through a terminal, and comprises a device authentication module, a user authentication module and a continuous authentication module:
a device authentication module configured to: perform device authentication on the terminal environment through an environment sensing agent, classify terminals as controlled or uncontrolled according to the device authentication result, and terminate network access of uncontrolled terminals;
a user authentication module configured to: after a controlled terminal has joined the network, authenticate the user identity using a user authentication agent, classify controlled terminals as trusted or untrusted according to the user authentication result, and allow an untrusted terminal to continue access only after re-authentication;
a continuous authentication module configured to: while a trusted terminal is accessing an application service, continuously authenticate the terminal environment, the user identity and the application service access permission over the full life cycle, and, if an anomaly is found in which authentication does not pass, allow access to continue only after re-authentication.
A third aspect of the present application provides a computer readable storage medium having stored thereon a program which, when executed by a processor, performs the steps of the user access control method based on continuous authentication according to the first aspect of the present application.
A fourth aspect of the application provides an electronic device comprising a memory, a processor and a program stored in the memory and executable on the processor, the processor implementing, when the program is executed, the steps of the user access control method based on continuous authentication according to the first aspect of the application.
The one or more of the above technical solutions have the following beneficial effects:
The application provides a continuous authentication method. By establishing an access channel and applying a continuous authentication mechanism to intranet users' access to data and applications, it monitors the full life cycle of the user access process in real time, addresses the access-control pain point in the data protection model, greatly improves the security of the intranet and its information systems, and safeguards the enterprise's key core infrastructure.
Additional aspects of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application.
Fig. 1 is a flow chart of a method of a first embodiment.
Fig. 2 is a schematic diagram of continuous authentication according to the first embodiment.
Fig. 3 is a system configuration diagram of a second embodiment.
Detailed Description
It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the application. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present application. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
The application takes authentication of the device and of the user, together with a judgment of the binding between device and user, as the precondition for network access and service access by a device-user pair. Uncontrolled terminal: a terminal on which the terminal environment sensing agent is not installed, or whose environment is abnormal, is an uncontrolled terminal and is forbidden to access the network. Controlled-untrusted terminal: after a controlled terminal joins the network, device authentication and user authentication must be performed again, and a terminal that fails authentication or has a high continuous-authentication risk is marked as untrusted. Controlled-trusted terminal: a controlled terminal that passes both device authentication and user authentication is a trusted terminal, and only trusted terminals can access services.
Example 1
In one or more embodiments, a user access control method based on continuous authentication is disclosed. As shown in Fig. 1, when a user accesses a service application system through a terminal, the following control steps are performed:
Step S1: Device authentication is performed on the terminal environment through the environment sensing agent, terminals are classified as controlled or uncontrolled according to the device authentication result, and network access of uncontrolled terminals is terminated.
The access space of the service application system is divided into a user domain and a data domain. The user domain is used for device authentication and user authentication of the terminal environment and the user identity, and the data domain is used for access permission authentication of application services.
Device authentication and user authentication are implemented by the trusted access detection and control component connected to the switch.
In device authentication, the trusted access detection and control component accesses the environment sensing agent on the proxy gateway of the user domain to verify the terminal environment. If the agent does not respond or the verification fails, the terminal environment is abnormal and device authentication fails. If the terminal environment is abnormal, the trusted access detection and control component terminates the terminal's access; if the terminal environment is normal, access continues.
Step S2: After a controlled terminal has joined the network, the user identity is authenticated by a user authentication agent, controlled terminals are classified as trusted or untrusted according to the user authentication result, and an untrusted terminal can continue access only after re-authentication.
In user authentication, the trusted access detection and control component accesses the user authentication agent on the proxy gateway of the user domain and verifies the user identity based on the user token. If the agent does not respond or the verification fails, user authentication fails, the access is redirected to the authentication gateway, and authentication is initiated with the authentication gateway.
Verifying the user identity based on the user token means verifying whether the user token exists and whether the user token is valid.
The validity of the user token is verified as follows:
if the token exists, the data domain is entered and a comprehensive trust evaluation is carried out by the service security policy control service; whether the user token needs to be revoked is determined from the comprehensive trust evaluation result, and if it does, the user token is set to invalid.
Step S3: While a trusted terminal is accessing an application service, the terminal environment, the user identity and the application service access permission are continuously authenticated over the full life cycle, and if an anomaly is found in which authentication does not pass, access can continue only after re-authentication.
For the application service access permission, the trusted access detection and control component accesses the permission service of the data domain through the data domain service proxy. The data domain permission service checks whether the user has permission to access the application service, and if the check passes, an application token is obtained. Access to the application service is controlled according to the validity of the application token and the corresponding application access permission.
The following describes in detail the implementation procedure of a user access control method based on continuous authentication in this embodiment.
This embodiment designs a continuous authentication method for intranet users. Through an access channel and an application access control mechanism, it greatly improves the security of the intranet and its information systems and safeguards the enterprise's key core infrastructure.
Specifically, the access space of the service application system is divided into a user domain and a data domain. The data domain is the partition for data; this partitioning gives the data domain a clearer boundary within the larger environment. The user domain is the area where user terminals connect, so its security level is lower. Fig. 2 is a schematic diagram of continuous authentication. As shown in Fig. 2, the two domains are isolated by a unified access portal. When a user accesses an application through the access channel, the unified access portal authenticates not only the user's service access but also the identity of objects including devices, people and applications. Access devices must pass authentication before they can join the network, and authentication is also required for mutual access between application services.
The identities of users, devices and applications are abstracted into subject identities. Subject identities are authenticated, and the security state of the terminal, user behavior, network and environment is continuously monitored and evaluated, which achieves continuous authentication of the subject identity. While the user is accessing a service, continuous real-time and near-real-time verification that the user does not perceive is carried out by continuously evaluating the activity of the user account, the security state of the terminal in use, the user's behavior in operating the terminal, and the user's behavior in accessing the service, so that identity security is ensured without affecting the user's work. Identity validity must be evaluated continuously over the full life cycle. When any anomaly that makes the identity untrustworthy is found during continuous authentication, the user is forced to go through a second identity check based on multiple factors, including face recognition, fingerprint, mobile phone short message and the like.
The specific process of identity authentication and business application control through the unified access portal is as follows:
(1) The user accesses a page of the business application system through the terminal browser, and the request enters the trusted access detection and control component connected to the switch;
(2) The trusted access detection and control component accesses the environment sensing agent on the proxy gateway of the user domain and verifies the terminal environment;
the environment sensing agent uses environment sensing technology to mark the terminal's identity as trusted, gives each terminal a unique digital identity, and senses and measures in real time whether the terminal can maintain its identity attributes; after the environment sensing agent is installed in the terminal environment, the agent and the terminal work together to complete terminal environment sensing.
(3) If the terminal environment is abnormal, the trusted access detection and control component terminates the access of the browser terminal; if the terminal environment is normal, control returns to the trusted access detection and control component and the next step continues;
(4) The trusted access detection and control component accesses the user authentication agent on the proxy gateway of the user domain and verifies the user identity based on the user token; the user token is a token that the client obtains by requesting it from the authorization service system.
(5) The user authentication agent service on the proxy gateway verifies whether the user token exists and whether the user token is valid;
(6) If the token exists, the data domain is entered and a comprehensive trust evaluation is carried out by the business security policy control service; the business security policy covers login from an abnormal location, more than 5 login errors, login outside normal working hours, abnormal permission access, and the like.
(7) Whether the user token needs to be revoked is determined from the comprehensive trust evaluation result; if it does, the user token is set to invalid, control returns to the trusted access detection and control component, and the next step continues;
(8) If there is no token or the token is invalid, redirect code 302 and the address of the authentication gateway to redirect to are returned;
(9) The browser is redirected to the authentication gateway and initiates authentication with the authentication gateway;
(10) When authentication succeeds, a user token is obtained, control returns to the trusted access detection and control component, and the next step continues;
(11) The trusted access detection and control component accesses the permission service of the data domain through the data domain service proxy;
(12) An application token is obtained from the permission service of the data domain through the user domain detection and control component, and the business application web of the data domain is then accessed carrying the user token and the application token; here the user domain detection and control component is the data domain service proxy, used to control access to the data domain permission service; the application token is obtained according to whether the user has access rights to a given application, and is application-level.
(13) The back-end application API of the data domain's trusted access detection and control component is accessed through the business application web; a web application is an application program that can run on the Internet, meaning that an application based on the Internet or a private network can be accessed remotely through a web browser (for example Internet Explorer, Firefox, Opera or Safari).
(14) The trusted application detection and control component of the data domain checks the application token, verifying the token's validity and its application access permission for the data domain business system; the trusted application detection and control component is a gateway used for checking permissions.
(15) If the access is authorized, the trusted application detection and control component passes the request through to the application server/data server and the request result is obtained;
(16) If the access is not authorized, the detection and control component refuses access to the application service/data service;
(17) The request result is returned to the terminal browser in the user domain.
The process runs through the whole life cycle of the user access service application system, continuously authenticates equipment, users and applications, monitors the user access process in real time, solves the pain points of access control in the data protection model, and builds a data security access platform.
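The per-request decision path of steps (2) to (16) can be traced with a small model. This is an added example, not code from the patent: the class and field names, the `environment_normal` report field, the gateway address, issuing an application token on every request, and the rule that any single policy hit revokes the user token are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

TERMINATE, REDIRECT_302, DENY, ALLOW = "terminate", "redirect-302", "deny", "allow"
AUTH_GATEWAY = "https://auth-gateway.example/login"  # placeholder address


@dataclass
class Request:
    agent_report: Optional[dict]   # None models "the agent does not respond"
    user_token: Optional[str]
    app: str
    signals: dict = field(default_factory=dict)  # inputs to the trust evaluation


class Portal:
    """Hypothetical model of the unified access portal between the two domains."""

    def __init__(self, permissions, known_locations, work_hours=range(8, 19)):
        self.permissions = permissions          # user -> set of permitted apps
        self.known_locations = known_locations  # user -> usual login locations
        self.work_hours = work_hours
        self.user_tokens = {}                   # token -> {"user": ..., "valid": bool}
        self.app_tokens = {}                    # token -> (user, app)

    def authenticate(self, user):
        """Steps 9-10: the authentication gateway issues a fresh user token."""
        token = secrets.token_urlsafe(16)
        self.user_tokens[token] = {"user": user, "valid": True}
        return token

    def device_ok(self, report):
        """Steps 2-3: a silent agent or a failed check means an abnormal environment."""
        return report is not None and report.get("environment_normal") is True

    def policy_hits(self, user, s):
        """Step 6: the four policy items named in the text; missing signals fail closed."""
        hits = []
        if s.get("location") not in self.known_locations.get(user, set()):
            hits.append("abnormal login location")
        if s.get("failed_logins", 0) > 5:
            hits.append("more than 5 login errors")
        if s.get("hour") not in self.work_hours:
            hits.append("login outside working hours")
        if s.get("abnormal_permission_access"):
            hits.append("abnormal permission access")
        return hits

    def data_domain_gateway(self, user_token, app_token, app):
        """Steps 13-16: check the application token before releasing the request."""
        entry = self.user_tokens.get(user_token)
        bound = self.app_tokens.get(app_token)
        if entry and entry["valid"] and bound == (entry["user"], app):
            return ALLOW, "result from application/data server"
        return DENY, "application token invalid or not authorised"

    def handle(self, req):
        """Runs on every request, which is what makes the authentication continuous."""
        if not self.device_ok(req.agent_report):                 # steps 2-3
            return TERMINATE, "terminal environment abnormal or agent silent"
        entry = self.user_tokens.get(req.user_token)             # steps 4-5
        if entry is None or not entry["valid"]:
            return REDIRECT_302, AUTH_GATEWAY                    # step 8
        user = entry["user"]
        if self.policy_hits(user, req.signals):                  # steps 6-7
            entry["valid"] = False                               # revoke the token
            return REDIRECT_302, AUTH_GATEWAY                    # step 8
        if req.app not in self.permissions.get(user, set()):     # steps 11-12
            return DENY, "no permission for " + req.app
        app_token = secrets.token_urlsafe(16)
        self.app_tokens[app_token] = (user, req.app)
        return self.data_domain_gateway(req.user_token, app_token, req.app)


def demo():
    """Constructed session: one user, one permitted application."""
    portal = Portal({"alice": {"reports"}}, {"alice": {"office-lan"}})
    agent = {"environment_normal": True}
    normal = {"location": "office-lan", "failed_logins": 0, "hour": 10}
    out = [portal.handle(Request(None, None, "reports", normal))[0],   # no agent
           portal.handle(Request(agent, None, "reports", normal))[0]]  # no token
    tok = portal.authenticate("alice")
    out.append(portal.handle(Request(agent, tok, "reports", normal))[0])
    out.append(portal.handle(Request(agent, tok, "payroll", normal))[0])
    risky = dict(normal, failed_logins=6)          # trips the login-error policy
    out.append(portal.handle(Request(agent, tok, "reports", risky))[0])
    out.append(portal.handle(Request(agent, tok, "reports", normal))[0])  # revoked
    tok2 = portal.authenticate("alice")            # re-authentication
    out.append(portal.handle(Request(agent, tok2, "reports", normal))[0])
    return out


if __name__ == "__main__":
    print(demo())
```

The fifth and sixth requests show the continuous part: a token that was valid is revoked mid-session by the trust evaluation and stays unusable until the user re-authenticates.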
Example 2
In one or more embodiments, a user access control system based on continuous authentication is disclosed. As shown in Fig. 3, it is used for controlling a user's access to a service application system through a terminal and includes a device authentication module, a user authentication module and a continuous authentication module:
a device authentication module configured to: perform device authentication on the terminal environment through an environment sensing agent, classify terminals as controlled or uncontrolled according to the device authentication result, and terminate network access of uncontrolled terminals;
a user authentication module configured to: after a controlled terminal has joined the network, authenticate the user identity using a user authentication agent, classify controlled terminals as trusted or untrusted according to the user authentication result, and allow an untrusted terminal to continue access only after re-authentication;
a continuous authentication module configured to: while a trusted terminal is accessing an application service, continuously authenticate the terminal environment, the user identity and the application service access permission over the full life cycle, and, if an anomaly is found in which authentication does not pass, allow access to continue only after re-authentication.
Example 3
An object of the present embodiment is to provide a computer-readable storage medium.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the user access control method based on continuous authentication as described in Example 1 of the present disclosure.
Example 4
An object of the present embodiment is to provide an electronic device.
An electronic device comprising a memory, a processor and a program stored in the memory and executable on the processor, the processor implementing, when executing the program, the steps of the user access control method based on continuous authentication as described in Example 1 of the present disclosure.
The above description is only of the preferred embodiments of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. The user access control method based on continuous authentication is characterized in that when a user accesses a service application system through a terminal, the following control steps are performed:
performing equipment authentication on the terminal environment through an environment sensing agent, dividing the terminal into a controlled terminal and an uncontrolled terminal according to an equipment authentication result, and terminating network access of the uncontrolled terminal;
after the controlled terminal is accessed to the network, user authentication is carried out on the user identity by using a user authentication agent, the controlled terminal is divided into a trusted terminal and an untrusted terminal according to the user authentication result, and the untrusted terminal can be accessed continuously only by re-authentication;
in the process of accessing the application service by the trusted terminal, the terminal environment, the user identity and the application service access authority are continuously authenticated in the full life cycle, and if the abnormal condition that the authentication is not passed is found, the access can be continued by re-authentication.
2. The user access control method based on continuous authentication as claimed in claim 1, wherein the access space of the service application system is divided into a user domain and a data domain, the user domain being used for device authentication of the terminal environment and user authentication of the user identity, and the data domain being used for access authority authentication of the application service;
the device authentication and the user authentication are implemented through the trusted access detection control connected to the switch.
3. The user access control method based on continuous authentication as claimed in claim 2, wherein the device authentication is a trusted access check in which the environment sensing agent on the agent gateway of the accessed user domain checks the terminal environment; if the agent does not respond or the check does not pass, the terminal environment is abnormal and the device authentication does not pass;
if the terminal environment is abnormal, the trusted access control terminates the access of the terminal; if the terminal environment is normal, access continues.
4. The method of claim 2, wherein the user authentication is performed by a user authentication agent on the proxy gateway of the accessed user domain, which verifies the user identity based on the user token and initiates authentication to the authentication gateway; if the agent does not respond or the verification fails, the user authentication fails and is redirected to the authentication gateway.
5. The method for controlling user access based on continuous authentication as claimed in claim 4, wherein the verification of the user identity based on the user token is to verify the presence of the user token and the validity of the user token.
6. The method for controlling user access based on continuous authentication as claimed in claim 5, wherein the verification of the validity of the user token is specifically:
when the token is present, on entering the data domain a comprehensive trust evaluation is carried out through the service security policy control service; whether the user token needs to be revoked is judged according to the comprehensive trust evaluation result, and if it needs to be revoked, the user token is set as invalid.
7. The user access control method based on continuous authentication as claimed in claim 2, wherein the application service access authority authentication is a trusted access check in which the authority service of the data domain is accessed through a data domain service proxy; the data domain authority service checks whether the user has the authority to access the application service, and if the check passes, an application token is obtained;
access to the application service is controlled according to the validity of the application token and the corresponding application access permission.
8. The user access control system based on continuous authentication is characterized by comprising a device authentication module, a user authentication module and a continuous authentication module, wherein the device authentication module is used for controlling a user to access a service application system through a terminal:
a device authentication module configured to: perform device authentication on the terminal environment through an environment sensing agent, divide terminals into controlled terminals and uncontrolled terminals according to the device authentication result, and terminate network access of uncontrolled terminals;
a user authentication module configured to: after a controlled terminal has accessed the network, perform user authentication on the user identity using a user authentication agent, and divide controlled terminals into trusted terminals and untrusted terminals according to the user authentication result, an untrusted terminal being able to continue access only by re-authentication;
a continuous authentication module configured to: while a trusted terminal accesses the application service, perform continuous authentication over the full life cycle on the terminal environment, the user identity and the application service access authority, and, if an abnormal condition in which authentication is not passed is found, require re-authentication for access to continue.
9. An electronic device, comprising:
a memory for non-transitory storage of computer readable instructions; and
a processor for executing the computer-readable instructions,
wherein the computer readable instructions, when executed by the processor, perform the method of any of the preceding claims 1-7.
10. A storage medium, characterized by non-transitorily storing computer-readable instructions, wherein the method of any one of claims 1-7 is performed when the computer-readable instructions are executed by a computer.
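The gating order of claims 1 and 3-7, sketched as an added example that is not part of the patent or the applicant's implementation. All names, the numeric trust threshold and the sample session are assumptions made for illustration; the claims specify no scoring scheme or token format.

```python
from dataclasses import dataclass, field
from typing import Optional

TERMINATE, REAUTH, ALLOW = "terminate", "re-authenticate", "allow"
TRUST_THRESHOLD = 0.5  # assumption: the claims define no scoring scheme or threshold

@dataclass
class Session:
    env_ok: Optional[bool]       # environment sensing agent result; None = agent did not respond
    user_token: Optional[str]    # None = no user token presented
    trust: float = 1.0           # stand-in for the comprehensive trust evaluation result
    permissions: set = field(default_factory=set)
    revoked: set = field(default_factory=set)
    app_tokens: dict = field(default_factory=dict)

def token_valid(s):
    """Claims 5-6: the token must exist and must not have been revoked by trust evaluation."""
    if s.user_token is None:
        return False
    if s.trust < TRUST_THRESHOLD:
        s.revoked.add(s.user_token)      # a revoked token stays invalid even if trust recovers
    return s.user_token not in s.revoked

def admit(s):
    """Initial gating (claims 1, 3, 4): device authentication first, then user authentication."""
    if s.env_ok is not True:             # no agent response counts the same as a failed check
        return TERMINATE, "device"
    if not token_valid(s):
        return REAUTH, "user"
    return ALLOW, None

def check_request(s, service):
    """Continuous phase (claims 1, 7): all three checks are repeated on every request."""
    decision, failed = admit(s)
    if decision != ALLOW:
        return REAUTH, failed
    if service not in s.permissions:
        s.app_tokens.pop(service, None)  # an application token must not outlive the permission
        return REAUTH, "authority"
    s.app_tokens.setdefault(service, f"app-token:{service}")
    return ALLOW, None

def demo():
    """Constructed session and timeline (not from the patent): trust drops, then recovers."""
    s = Session(env_ok=True, user_token="u1", permissions={"hr"})
    results = [admit(s)]
    for changes in ({}, {"trust": 0.2}, {"trust": 0.9}):
        vars(s).update(changes)
        results.append(check_request(s, "hr"))
    return results
```

In the constructed timeline the third request is still refused after trust recovers, because the token revoked on the second request remains invalid until the user re-authenticates.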
CN202310769724.1A 2023-06-27 2023-06-27 User access control method and system based on continuous authentication Pending CN116886343A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310769724.1A CN116886343A (en) 2023-06-27 2023-06-27 User access control method and system based on continuous authentication

Publications (1)

Publication Number Publication Date
CN116886343A true CN116886343A (en) 2023-10-13

Family

ID=88265365

Country Status (1)

Country Link
CN (1) CN116886343A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117155718A (en) * 2023-11-01 2023-12-01 北京持安科技有限公司 Gateway dynamic access control method, device and storage medium
CN117155718B (en) * 2023-11-01 2024-02-20 北京持安科技有限公司 Gateway dynamic access control method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination