CN117155649B - System and method for security protection of third party system accessing JAVA gateway - Google Patents



Publication number
CN117155649B
Authority
CN
China
Prior art keywords
party system
module
data
access
party
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311113694.5A
Other languages
Chinese (zh)
Other versions
CN117155649A (en)
Inventor
段少平
秦元
胡振峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinrui Software Technology Hangzhou Co ltd
Original Assignee
Jinrui Software Technology Hangzhou Co ltd
Application filed by Jinrui Software Technology Hangzhou Co ltd
Priority to CN202311113694.5A
Publication of CN117155649A
Application granted
Publication of CN117155649B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/957 Browsing optimisation, e.g. caching or content distillation
    • G06F16/9574 Browsing optimisation, e.g. caching or content distillation of access to content, e.g. by caching
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/105 Multiple levels of security
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/40 Network security protocols

Abstract

The invention relates to the technical field of computers, and discloses a security protection system and a security protection method for a third party system accessing a JAVA gateway. The security protection system comprises: an identity verification module, a third party system information acquisition module, an authorized access module, an access control module, a session management module and a data confidentiality module. The identity verification module is used for verifying the identity of a third party system that needs to access the JAVA gateway; the third party system information acquisition module is used for collecting information data of the third party system after the identity verification module has passed the identity verification of the third party system. When the third party system accesses the JAVA gateway, its identity is verified, and it is allowed to access the JAVA gateway after the identity verification passes; after the third party system has accessed the JAVA gateway, it is automatically assigned an authority level according to its operation information, so that it can only access the service resources that match that authority level.

Description

System and method for security protection of third party system accessing JAVA gateway
Technical Field
The invention relates to the technical field of computers, and particularly discloses a security protection system and a security protection method for accessing a JAVA gateway by a third party system.
Background
A JAVA gateway is a server application that processes requests from clients and forwards them to back-end microservices or applications. It is part of a microservice architecture and provides a single entry point that routes all traffic to the appropriate service. When a third party system wants to connect to the JAVA gateway, it can access the gateway only after completing the configuration of parameters or paths. When the third party system issues an access request, the JAVA gateway forwards the request to the corresponding service according to the URL in the access request. This approach lacks good security protection, so the session between the third party system and the service is easily hijacked, which leads to data being tampered with or stolen. In addition, the third party system cannot be automatically assigned an authority level according to its operation information, so it can access most service resources, and resources are easily leaked once third party systems with lower security access them.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a security protection system and a security protection method for a third party system accessing a JAVA gateway, which can solve the problem of low security in the traditional way a third party system accesses a JAVA gateway.
In order to solve the above technical problem, according to one aspect of the present invention, a security protection system for a third party system accessing a JAVA gateway includes: an identity verification module, a third party system information acquisition module, an authorized access module, an access control module, a session management module and a data confidentiality module;
identity verification module: used for verifying the identity of a third party system that needs to access the JAVA gateway;
third party system information acquisition module: used for collecting information data of the third party system after the identity verification module has passed the identity verification of the third party system;
authorized access module: used for authorizing the third party system to access the JAVA gateway after the identity verification module has passed the identity verification of the third party system;
access control module: used for finding the service to be accessed according to the URL in the third party system's access request and judging, according to the authority of the third party system, whether that service can be accessed; if the authority is insufficient, the URL is intercepted, otherwise the third party system is allowed to access the service;
session management module: used for managing the session between the third party system and the accessed service and ensuring the security of the session;
data encryption module: used for encrypting data transmitted between the third party system and the accessed service.
Further, the identity verification module includes: an access request receiving module, a processing analysis module, a data feedback receiving module and a comparison matching module;
access request receiving module: used for receiving access request information carrying a secret key from the third party system;
processing analysis module: used for processing and analyzing the received access request to obtain the verification parameter;
data feedback receiving module: used for forming the analysis and processing procedure into a file, sending the file to the third party system, and receiving response data from the third party system;
comparison matching module: used for comparing the verification parameter with the response data; if they are the same, the identity verification of the third party system passes, otherwise it does not pass.
Further, the specific process by which the identity verification module verifies the identity of the third party system is as follows: first, access request information carrying a secret key is received from the third party system through the access request receiving module; the processing analysis module processes the access request information to obtain the secret key and the length of the access parameters carried by the URL in the access request, divides the secret key into single elements, converts the single elements into binary data one by one to form a binary array, converts each binary datum in the binary array into decimal data to form a decimal array, and obtains the verification parameter according to the following formula:
$$C = \sum \frac{S_i + L_c}{L_c + L_s}$$
where $C$ is the verification parameter, $S_i$ is each decimal datum, $L_c$ is the length of the access parameter in the URL, and $L_s$ is the length of the decimal array;
the process of obtaining the verification parameter is formed into an encrypted file and fed back to the third party system; the third party system obtains response data according to that process and feeds the response data back to the server; the comparison matching module then compares the verification parameter with the response data; if the comparison succeeds, the identity verification passes, otherwise it does not pass.
Further, the third party system information acquisition module includes: a system security level acquisition module, a system operation duration acquisition module, a system attacked number acquisition module and a system defense success number acquisition module;
system security level acquisition module: used for acquiring the security level data of the third party system;
system operation duration acquisition module: used for acquiring the accumulated operation duration data of the third party system;
system attacked number acquisition module: used for acquiring the total number of times the third party system has been attacked during its operation;
system defense success number acquisition module: used for acquiring the total number of successful defenses among the times the third party system has been attacked.
Further, the authorized access module includes: an authority granting module;
authority granting module: used for assigning the authority level of the third party system according to the data acquired by the third party system information acquisition module; the specific process is as follows:
the security level data of the third party system, its accumulated operation duration data, the total number of times it has been attacked during operation, and the total number of successful defenses among those attacks are acquired respectively through the system security level acquisition module, the system operation duration acquisition module, the system attacked number acquisition module and the system defense success number acquisition module, and are then analyzed comprehensively to obtain the authority level that should be assigned to the third party system:
where $LV$ is the authority level, $Z_c$ is the total number of successful defenses, $Z_g$ is the total number of times attacked, $t$ is the system operation duration, and $A$ is the system security level data.
Further, the access control module includes: a URL acquisition module, an authority acquisition module and an interception and filtering module;
URL acquisition module: used for acquiring the URL information in the third party system's request;
authority acquisition module: used for acquiring the authority level data assigned to the third party system by the authorized access module;
interception and filtering module: used for deciding whether to intercept the URL or allow access, according to the service pointed to by the URL information acquired by the URL acquisition module and the authority level data acquired by the authority acquisition module.
Further, the session management module includes: a session space opening module, a random placement module and a random transfer module;
session space opening module: used for opening up a plurality of session spaces and numbering them in the order in which they are opened;
random placement module: used for randomly placing the session between the third party system and the accessed service into a session space;
random transfer module: used for randomly transferring the entire session to another empty session space after the session between the third party system and the accessed service has lasted for a period of time.
Further, the random transfer process of the random placement module is as follows: first, the total number of session spaces opened by the session space opening module is obtained, together with the authority level of the current third party system, and the number of the session space into which the session is randomly placed is then obtained according to the following formula:
$$B = \frac{L_m}{LV} + \mathit{random}, \qquad \mathit{random} \in (0,\ L_m - LV]$$
where $B$ is the session space number, $L_m$ is the total number of session spaces, and $\mathit{random}$ is a random number;
when the duration of the session between the third party system and the service exceeds the threshold, all empty session spaces are obtained by traversal and renumbered in traversal order, and the session is randomly transferred into one of those session spaces according to the above formula.
According to another aspect of the present invention, there is provided a security protection method for a third party system accessing a JAVA gateway, characterized in that the method is implemented based on the above security protection system for a third party system accessing a JAVA gateway, and specifically includes the following steps:
S1, verifying the identity of the third party system through identity verification, and authorizing the third party system to access the JAVA gateway after the identity verification passes; otherwise, not allowing the third party system to access the JAVA gateway;
S2, after the third party system has accessed the JAVA gateway, automatically assigning its access authority level according to the information of the third party system;
S3, judging, according to the access request of the third party system and the authority level assigned to it, whether the service pointed to by the URL in the access request is within that authority level; if so, allowing the third party system to access the service; otherwise, intercepting the URL in the access request;
S4, during the session between the third party system and the accessed service, randomly placing the session into any session space, and encrypting data when it is transmitted between the third party system and the accessed service;
S5, when the session between the third party system and the accessed service exceeds a threshold, randomly transferring the session into any empty session space.
The beneficial effects of the security protection system and method for a third party system accessing a JAVA gateway are as follows: when the third party system accesses the JAVA gateway, its identity is verified, and it is allowed to access the JAVA gateway after the identity verification passes; after the third party system has accessed the JAVA gateway, it is automatically assigned an authority level according to its operation information, so that it can only access the service resources that match its authority level, which avoids leakage of service resource data. In addition, when a session takes place between the third party system and the accessed service, the session is randomly placed in one of the opened session spaces, and after the session has lasted for a period of time the whole session is randomly transferred to any other empty session space, which avoids resource data being tampered with or stolen during the session and greatly ensures the security and reliability of the third party system's access to the JAVA gateway.
Drawings
The invention will be described in further detail with reference to the accompanying drawings and detailed description.
FIG. 1 is a schematic diagram of a system principle;
FIG. 2 is a schematic flow chart of the method.
Detailed Description
The invention will be described in detail hereinafter with reference to the drawings in conjunction with embodiments. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other.
According to one aspect of the present invention, as shown in fig. 1, there is provided a security protection system for a third party system accessing a JAVA gateway, including:
Identity verification module: used for verifying the identity of a third party system that needs to access the JAVA gateway. The module comprises: an access request receiving module, used for receiving access request information carrying a secret key from the third party system; a processing analysis module, used for processing and analyzing the received access request to obtain the verification parameter; a data feedback receiving module, used for forming the analysis and processing procedure into a file, sending the file to the third party system, and receiving response data from the third party system; and a comparison matching module, used for comparing the verification parameter with the response data; if they are the same, the identity verification of the third party system passes, otherwise it does not pass.
The specific process by which the module verifies the identity of the third party system is as follows: first, access request information carrying a secret key is received from the third party system through the access request receiving module; the processing analysis module processes the access request information to obtain the key and the length of the access parameter carried by the URL in the access request, and divides the key into single elements; for example, the key "524789214" is divided into the individual elements "5", "2", "4", ...; the individual elements are converted into binary data one by one to form a binary array, each binary datum in the binary array is converted into decimal data to form a decimal array, and the verification parameter is then obtained according to the following formula:
$$C = \sum \frac{S_i + L_c}{L_c + L_s}$$
where $C$ is the verification parameter, $S_i$ is each decimal datum, $L_c$ is the length of the access parameter in the URL, and $L_s$ is the length of the decimal array;
the process of obtaining the verification parameter is formed into an encrypted file and fed back to the third party system; the third party system obtains response data according to that process and feeds the response data back to the server; the comparison matching module then compares the verification parameter with the response data; if the comparison succeeds, the identity verification passes, otherwise it does not pass.
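The verification-parameter computation described above, as an added Python example that is not part of the patent. It assumes each key element is a decimal digit taken at its numeric value and that $L_c$ is the length of the URL's query string (the sample URL is constructed); it also shows that $C$ depends only on the key's length and digit sum, and contrasts that with an HMAC-SHA256 response, a swapped-in technique the patent does not describe.

```python
# Added illustration; not code from the patent. All function names are hypothetical.
import hashlib
import hmac
import secrets
from fractions import Fraction
from itertools import permutations
from urllib.parse import urlsplit


def decimal_array(key: str) -> list[int]:
    """Split the key into single elements, then element -> binary -> decimal.

    Assumption: every element is an ASCII decimal digit and its numeric
    value is what gets converted.
    """
    if not (key.isascii() and key.isdigit()):  # also rejects the empty key
        raise ValueError("this sketch assumes a non-empty all-digit key")
    binary_array = [format(int(ch), "b") for ch in key]  # "5" -> "101"
    return [int(bits, 2) for bits in binary_array]       # "101" -> 5


def access_param_length(url: str) -> int:
    """L_c. Assumption: the length of the URL's query string."""
    return len(urlsplit(url).query)


def verification_parameter(key: str, url: str) -> Fraction:
    """C = sum over i of (S_i + L_c) / (L_c + L_s), kept exact."""
    s = decimal_array(key)
    l_c, l_s = access_param_length(url), len(s)
    return sum((Fraction(s_i + l_c, l_c + l_s) for s_i in s), Fraction(0))


def gateway_accepts(key: str, url: str, response: Fraction) -> bool:
    """Comparison matching step: the response data must equal C."""
    return response == verification_parameter(key, url)


def colliding_keys(key: str, limit: int = 5) -> list[str]:
    """Reorderings of the key's digits; each one yields the same C."""
    found: list[str] = []
    for perm in permutations(key):
        candidate = "".join(perm)
        if candidate != key and candidate not in found:
            found.append(candidate)
            if len(found) == limit:
                break
    return found


def hmac_response(key: str, nonce: bytes, url: str) -> str:
    """Keyed-MAC response over a fresh nonce (not the patent's method)."""
    msg = nonce + url.encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()


# Constructed sample input: the key is the example from the description,
# the URL is made up for this illustration.
SAMPLE_KEY = "524789214"
SAMPLE_URL = "https://gateway.example/api/orders?id=42&fmt=json"

if __name__ == "__main__":
    c = verification_parameter(SAMPLE_KEY, SAMPLE_URL)
    print("decimal array:", decimal_array(SAMPLE_KEY))
    print("L_c =", access_param_length(SAMPLE_URL), " C =", c)

    # Any key with the same length and digit sum produces the same C,
    # so a matching response does not prove knowledge of this exact key.
    for other in colliding_keys(SAMPLE_KEY) + ["524789205"]:
        same = gateway_accepts(
            SAMPLE_KEY, SAMPLE_URL, verification_parameter(other, SAMPLE_URL)
        )
        print(f"key {other}: accepted as {SAMPLE_KEY}? {same}")

    # With a keyed MAC over a per-request nonce the same keys give
    # different responses, and a replayed response fails on a new nonce.
    nonce = secrets.token_bytes(16)
    a = hmac_response(SAMPLE_KEY, nonce, SAMPLE_URL)
    b = hmac_response(colliding_keys(SAMPLE_KEY)[0], nonce, SAMPLE_URL)
    print("HMAC responses equal?", hmac.compare_digest(a, b))
```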
Third party system information acquisition module: used for collecting information data of the third party system after the identity verification module has passed the identity verification of the third party system. This comprises: acquiring the system security level data through the system security level acquisition module, acquiring the accumulated operation duration of the system through the system operation duration acquisition module, acquiring the total number of times the system has been attacked during operation through the system attacked number acquisition module, and acquiring the total number of successful defenses among those attacks through the system defense success number acquisition module.
Authorized access module: used for authorizing the third party system to access the JAVA gateway after the identity verification module has passed the identity verification of the third party system; at the same time, the authority granting module comprehensively judges and analyzes the data acquired by the third party system information acquisition module and automatically assigns the authority level of the third party system.
Where $LV$ is the authority level, $Z_c$ is the total number of successful defenses, $Z_g$ is the total number of times attacked, $t$ is the running time of the system, and $A$ is the security level data of the system.
Access control module: used for finding the service to be accessed according to the URL in the access request of the third party system and judging, according to the authority of the third party system, whether that service can be accessed; if the authority is insufficient, the URL is intercepted, otherwise the third party system is allowed to access the service. The module comprises: a URL acquisition module, used for acquiring the URL information in the third party system's request; an authority acquisition module, used for acquiring the authority level data assigned to the third party system by the authorized access module; and an interception and filtering module, used for deciding whether to intercept the URL or allow access, according to the service pointed to by the URL information acquired by the URL acquisition module and the authority level data acquired by the authority acquisition module.
Session management module: used for managing the session between the third party system and the accessed service and ensuring the security of the session. The module comprises: a session space opening module, used for opening up a plurality of session spaces and numbering them in the order in which they are opened; for example, if the opened spaces are $[k_1, k_2, \ldots, k_n]$, the spaces are numbered "1", "2", ..., "n" respectively; and a random placement module, used for randomly placing the session between the third party system and the accessed service into a session space: first, the total number of session spaces opened by the session space opening module is obtained, together with the authority level of the current third party system, and the number of the session space into which the session is randomly placed is then obtained according to the following formula:
$$B = \frac{L_m}{LV} + \mathit{random}, \qquad \mathit{random} \in (0,\ L_m - LV]$$
where $B$ is the session space number, $L_m$ is the total number of session spaces, and $\mathit{random}$ is a random number;
Random transfer module: after the session between the third party system and the accessed service has lasted for a period of time, such as 2 hours, all empty session spaces are obtained by traversal and renumbered in traversal order, and the session is randomly transferred into one of those session spaces according to the above formula.
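The session-space numbering formula above, as an added Python example that is not part of the patent. It assumes $LV$ is a positive integer (the $LV$ formula is not reproduced on this page), that the random term is an integer, and that $L_m/LV$ is integer division; it enumerates every $B$ the formula can yield, flags values that fall outside the existing spaces 1..$L_m$, and draws with a CSPRNG.

```python
# Added illustration; not code from the patent. All function names are hypothetical.
import secrets

_RNG = secrets.SystemRandom()  # OS-backed CSPRNG, so placement is not guessable


def candidate_numbers(l_m: int, lv: int) -> list[int]:
    """Every B = L_m/LV + random with random in (0, L_m - LV].

    Assumptions: integer division and an integer random term, because
    session spaces are numbered 1..L_m.
    """
    if l_m < 1 or lv < 1:
        raise ValueError("L_m and LV must be positive integers")
    base = l_m // lv
    # range() is empty when LV >= L_m: the interval (0, L_m - LV] has no integer
    return [base + r for r in range(1, l_m - lv + 1)]


def out_of_range(l_m: int, lv: int) -> list[int]:
    """Formula results that do not name an existing session space."""
    return [b for b in candidate_numbers(l_m, lv) if not 1 <= b <= l_m]


def place_session(l_m: int, lv: int, occupied: set[int]) -> int:
    """Random placement restricted to spaces that exist and are empty.

    When the formula yields no usable number (for example LV = 1 or
    LV >= L_m), fall back to a uniform draw over all empty spaces.
    """
    usable = [
        b for b in candidate_numbers(l_m, lv)
        if 1 <= b <= l_m and b not in occupied
    ]
    if not usable:
        usable = [n for n in range(1, l_m + 1) if n not in occupied]
    if not usable:
        raise RuntimeError("no empty session space available")
    return _RNG.choice(usable)


def transfer_session(l_m: int, lv: int, occupied: set[int]) -> int:
    """Random transfer: renumber the empty spaces in traversal order,
    apply the formula to that numbering, and map back to the real number.

    Assumption: L_m in the formula becomes the count of empty spaces.
    """
    empty = [n for n in range(1, l_m + 1) if n not in occupied]
    if not empty:
        raise RuntimeError("no empty session space to transfer into")
    renumbered = place_session(len(empty), lv, occupied=set())
    return empty[renumbered - 1]


if __name__ == "__main__":
    # Constructed sample: 10 session spaces, authority levels 1, 2, 5, 10.
    for lv in (1, 2, 5, 10):
        print(
            f"LV={lv:2d} candidates={candidate_numbers(10, lv)} "
            f"outside 1..10={out_of_range(10, lv)}"
        )
    print("placed in space", place_session(10, 2, occupied={6, 7}))
    print("moved to space", transfer_session(10, 2, occupied=set(range(1, 8))))
```

For 10 spaces the formula never returns a number in 1..5 at $LV=2$ and returns only out-of-range numbers at $LV=1$, so an implementation has to define what happens in those cases.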
Data encryption module: used for encrypting data transmitted between the third party system and the accessed service.
According to another aspect of the present invention, as shown in fig. 2, there is provided a security protection method for a third party system accessing a JAVA gateway, which is implemented based on the above security protection system for a third party system accessing a JAVA gateway, and specifically includes the following steps:
S1, verifying the identity of the third party system through identity verification, and authorizing the third party system to access the JAVA gateway after the identity verification passes; otherwise, not allowing the third party system to access the JAVA gateway;
S2, after the third party system has accessed the JAVA gateway, automatically assigning its access authority level according to the information of the third party system;
S3, judging, according to the access request of the third party system and the authority level assigned to it, whether the service pointed to by the URL in the access request is within that authority level; if so, allowing the third party system to access the service; otherwise, intercepting the URL in the access request;
S4, during the session between the third party system and the accessed service, randomly placing the session into any session space, and encrypting data when it is transmitted between the third party system and the accessed service;
S5, when the session between the third party system and the accessed service exceeds a threshold, randomly transferring the session into any empty session space.
The electrical components appearing herein are all electrical components that exist in reality.
Of course, the above description does not limit the invention, and the invention is not limited to the above examples; variations, modifications, additions or substitutions made within the spirit and scope of the invention also fall within the scope of the invention.

Claims (7)

1. A JAVA gateway security system for a third party system, comprising: an identity verification module, a third party system information acquisition module, an authorized access module, an access control module, a session management module and a data confidentiality module;
the identity verification module: used for verifying the identity of a third party system that needs to access the JAVA gateway;
the third party system information acquisition module: used for acquiring information data of the third party system after the identity verification module has passed the identity verification of the third party system;
the authorized access module: used for authorizing the third party system to access the JAVA gateway after the identity verification module has passed the identity verification of the third party system;
the access control module: used for finding the service to be accessed according to the URL in the access request of the third party system, and judging whether the service to be accessed can be accessed according to the authority of the third party system; if the authority is insufficient, the URL is intercepted, otherwise the third party system is allowed to access the service to be accessed;
the session management module: used for managing the session between the third party system and the accessed service and ensuring the security of the session; the module comprises: a session space opening module, a random placement module and a random transfer module;
the session space opening module: used for opening up a plurality of session spaces and numbering the session spaces in the order in which they were opened;
the random placement module: used for randomly placing a session between the third party system and the accessed service into a session space; the specific process is as follows: first, the total number of session spaces opened by the session space opening module is obtained, together with the authority level of the current third party system, and then the number of the session space used for random placement is obtained according to the following formula:
$$B = (L_m / LV) + \mathrm{random}, \qquad \mathrm{random} \in (0,\ L_m - LV]$$
wherein $B$ is the session space number, $L_m$ is the total number of session spaces, and random is a random number;
when the session time between the third party system and the service exceeds a threshold value, all empty session spaces are obtained by traversal and renumbered in traversal order, and the session is randomly transferred to any one of these session spaces according to the above formula;
the random transfer module: used for randomly transferring the whole session to another empty session space after a period of time;
the data encryption module: used for encrypting data transmitted between the third party system and the accessed service.
2. The JAVA gateway security system of claim 1, wherein the identity verification module comprises: an access request receiving module, a processing analysis module, a data feedback receiving module and a comparison matching module;
the access request receiving module: used for receiving access request information carrying a secret key from the third party system;
the processing analysis module: used for processing and analyzing the received access request to obtain verification parameters;
the data feedback receiving module: used for forming the analysis and processing procedure into a file, sending the file to the third party system, and receiving response data from the third party system;
the comparison matching module: used for comparing the verification parameters with the corresponding data; if they are the same, the identity verification of the third party system passes, otherwise the identity verification of the third party system does not pass.
3. The JAVA gateway security system of claim 2, wherein the specific process by which the identity verification module verifies the identity of the third party system is as follows: first, access request information carrying a secret key is received from the third party system through the access request receiving module; the access request information is processed through the processing analysis module to obtain the secret key and the length of the access parameters carried by the URL in the access request; the secret key is divided into single elements, the single elements are converted one by one into binary data to form a binary array, each binary datum in the binary array is converted into decimal data to form a decimal array, and the verification parameter is obtained according to the following formula:
$$C = \sum (S_i + L_c) / (L_c + L_s)$$
wherein $C$ is the verification parameter, $S_i$ is each decimal datum, $L_c$ is the access parameter length in the URL, and $L_s$ is the decimal array length;
the procedure for obtaining the verification parameter is formed into an encrypted file, and the encrypted file is fed back to the third party system; the third party system obtains response data according to the procedure for obtaining the verification parameter and feeds the response data back to the server; the comparison matching module then compares the verification parameter with the response data; if the comparison is successful, the identity verification passes, otherwise the identity verification does not pass.
4. The JAVA gateway security system of claim 1, wherein the third party system information acquisition module comprises: a system security level acquisition module, a system operation time length acquisition module, a system attacked times acquisition module and a system defense success times acquisition module;
the system security level acquisition module: used for acquiring security level data of the third party system;
the system operation time length acquisition module: used for acquiring accumulated operation time length data of the third party system;
the system attacked times acquisition module: used for acquiring the total number of times the third party system has been attacked during its operation;
the system defense success times acquisition module: used for acquiring the total number of successful defenses among the times the third party system has been attacked.
5. The JAVA gateway security system of claim 4, wherein the authorized access module comprises: a permission granting module;
the permission granting module: used for giving the third party system its authority level according to the data acquired by the third party system information acquisition module; the specific granting process is as follows:
the security level data of the third party system, the accumulated operation time length data of the third party system, the total number of times the third party system has been attacked during its operation and the total number of successful defenses are respectively acquired through the system security level acquisition module, the system operation time length acquisition module, the system attacked times acquisition module and the system defense success times acquisition module, and are then comprehensively analyzed, so that the authority level that should be given to the third party system is obtained:
wherein $LV$ is the authority level, $Z_c$ is the total number of successful defenses, $Z_g$ is the total number of times attacked, $t$ is the running time of the system, and $A$ is the security level data of the system.
6. The JAVA gateway security system of claim 1, wherein the access control module comprises: a URL acquisition module, a permission acquisition module and an interception and filtering module;
the URL acquisition module: used for acquiring the URL information in the third party request;
the permission acquisition module: used for acquiring the authority level data given to the third party system by the authorized access module;
the interception and filtering module: used for deciding whether to intercept the URL or allow access, according to the service pointed to by the URL information acquired by the URL acquisition module and the authority level data acquired by the permission acquisition module.
7. A security protection method for a third party system accessing a JAVA gateway, implemented based on the security protection system for a third party system accessing a JAVA gateway according to any one of claims 1 to 6, and specifically comprising the following steps:
S1, verifying the identity of the third party system through identity verification, and authorizing the third party system to access the JAVA gateway after the identity verification is passed; otherwise, not allowing the third party system to access the JAVA gateway;
S2, after the third party system has accessed the JAVA gateway, automatically giving the third party system an access authority level according to the information of the third party system;
S3, judging, according to the access request of the third party system and the authority level given to the third party system, whether the service pointed to by the URL in the access request is within that authority level; if so, allowing the third party system to access the service, otherwise intercepting the URL in the access request;
S4, during the session between the third party system and the accessed service, randomly placing the session into any session space, and encrypting data when it is transmitted between the third party system and the accessed service;
S5, when the session between the third party system and the accessed service exceeds a threshold value, randomly transferring the session into any empty session space.
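
The verification parameter computation of claim 3, worked through in Java as an added example (not code from the patent or its applicant). It assumes that the key's single elements are its characters and that L_c is the number of characters after `?` in the URL; the class name, method names, sample key and sample URL are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

public class VerificationParameterDemo {

    // Split the key into single elements and write each one as a binary string.
    static List<String> toBinaryArray(String key) {
        List<String> bits = new ArrayList<>();
        for (char element : key.toCharArray()) {
            bits.add(Integer.toBinaryString(element));
        }
        return bits;
    }

    // Convert every binary string to its decimal value: the S_i of the formula.
    static int[] toDecimalArray(List<String> bits) {
        int[] decimals = new int[bits.size()];
        for (int i = 0; i < decimals.length; i++) {
            decimals[i] = Integer.parseInt(bits.get(i), 2);
        }
        return decimals;
    }

    // Assumption: L_c is the number of characters after '?' in the URL.
    static int accessParameterLength(String url) {
        int q = url.indexOf('?');
        return q < 0 ? 0 : url.length() - q - 1;
    }

    // C = sum(S_i + L_c) / (L_c + L_s), with L_s the decimal array length.
    static double verificationParameter(String key, String url) {
        int[] s = toDecimalArray(toBinaryArray(key));
        int lc = accessParameterLength(url);
        int ls = s.length;
        if (ls == 0) {
            throw new IllegalArgumentException("request carries no key");
        }
        long sum = 0;
        for (int si : s) {
            sum += si + lc;
        }
        return (double) sum / (lc + ls);
    }

    // Comparison matching: gateway value versus the third party's response.
    static boolean matches(double gatewayValue, double responseValue) {
        return Double.compare(gatewayValue, responseValue) == 0;
    }

    public static void main(String[] args) {
        String url = "https://gateway.example/orders?id=42"; // constructed sample
        double c = verificationParameter("ab", url);          // constructed key
        double response = verificationParameter("ab", url);   // third party side
        System.out.println("C = " + c + ", match = " + matches(c, response));
        // The sum ignores element order, so a reordered key yields the same C.
        System.out.println("reordered key matches: "
                + matches(c, verificationParameter("ba", url)));
    }
}
```

Because the denominator L_c + L_s is the same for every element, summing the individual fractions and dividing the total give the same C. The value is an arithmetic function of the character codes and the two lengths only, which is why the reordered key in `main` compares equal.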
CN202311113694.5A 2023-08-31 2023-08-31 System and method for security protection of third party system accessing JAVA gateway Active CN117155649B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311113694.5A CN117155649B (en) 2023-08-31 2023-08-31 System and method for security protection of third party system accessing JAVA gateway

Publications (2)

Publication Number Publication Date
CN117155649A (en) 2023-12-01
CN117155649B (en) 2024-03-22

Family

ID=88898222

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311113694.5A Active CN117155649B (en) 2023-08-31 2023-08-31 System and method for security protection of third party system accessing JAVA gateway

Country Status (1)

Country Link
CN (1) CN117155649B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106533895A (en) * 2015-09-11 2017-03-22 北大方正集团有限公司 Password-based instant communication method and system
CN110995672A (en) * 2019-11-20 2020-04-10 天津大学 Network security authentication method for software development
CN111030828A (en) * 2019-12-19 2020-04-17 中国电建集团华东勘测设计研究院有限公司 Authority control method and system under micro-service architecture and access token
CN114553540A (en) * 2022-02-22 2022-05-27 平安科技(深圳)有限公司 Zero-trust-based Internet of things system, data access method, device and medium
CN114915435A (en) * 2021-02-09 2022-08-16 网联清算有限公司 Service data access method and system
CN115664693A (en) * 2022-08-19 2023-01-31 海恒数字科技(青岛)有限公司 Resource access system, method, electronic device, and storage medium
CN115865320A (en) * 2022-11-14 2023-03-28 广东工业大学 Block chain-based security service management method and system
CN116488868A (en) * 2023-03-29 2023-07-25 济南浪潮数据技术有限公司 Server security access method, device and storage medium
CN116545633A (en) * 2023-05-12 2023-08-04 紫光云技术有限公司 High-security API calling method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140173125A1 (en) * 2012-12-18 2014-06-19 Salesforce.Com, Inc. Systems and methods for transferring a session between devices in an on-demand computing environment

Also Published As

Publication number Publication date
CN117155649A (en) 2023-12-01

Similar Documents

Publication Publication Date Title
US7231526B2 (en) System and method for validating a network session
CN115189927B (en) Zero trust-based power network safety protection method
CN107231346A (en) A kind of method of cloud platform identification
CN101051908A (en) Dynamic cipher certifying system and method
CN1507203A (en) Method and system for conducting user verification to sub position of network position
US8566952B1 (en) System and method for encrypting data and providing controlled access to encrypted data with limited additional access
CN105553666B (en) Intelligent power terminal safety authentication system and method
CN102217277A (en) Method and system for token-based authentication
WO2013007525A1 (en) Method and system to share or storage personal data without loss of privacy
CN1770052A (en) Method, apparatus and program storage device for providing service access control for a user interface
CN104767731A (en) Identity authentication protection method of Restful mobile transaction system
CN113872944A (en) Block chain-oriented zero-trust security architecture and cluster deployment framework thereof
CN104202338A (en) Secure access method applicable to enterprise-level mobile applications
CN107733933A (en) A kind of double factor identity authentication method and system based on biological identification technology
CN111399980A (en) Safety authentication method, device and system for container organizer
CN115842680A (en) Network identity authentication management method and system
CN114826780A (en) Block chain based multi-level authority management system and method
US10909254B2 (en) Object level encryption system including encryption key management system
CN110572392A (en) Identity authentication method based on HyperLegger network
CN113556735A (en) Data encryption method
Alemu et al. Fingerprint based authentication architecture for accessing multiple cloud computing services using single user credential in IOT environments
CN117155649B (en) System and method for security protection of third party system accessing JAVA gateway
CN111538973A (en) Personal authorization access control system based on state cryptographic algorithm
Tutubala et al. A hybrid framework to improve data security in cloud computing
Said et al. A multi-factor authentication-based framework for identity management in cloud applications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant