LU505533B1 - Method for secure transmission strategy management - Google Patents

Info

Publication number
LU505533B1
LU505533B1 LU505533A LU505533A LU505533B1 LU 505533 B1 LU505533 B1 LU 505533B1 LU 505533 A LU505533 A LU 505533A LU 505533 A LU505533 A LU 505533A LU 505533 B1 LU505533 B1 LU 505533B1
Authority
LU
Luxembourg
Prior art keywords
secure
information
authentication
predefined
level
Application number
LU505533A
Other languages
French (fr)
Inventor
Xiaoyu Liu
Weihai Wang
Pengfei Xie
Haidong Jiang
Pengcheng Liu
Jiaxin Zhu
Jie Li
Gaomin Cao
Jian Wu
Jianbo Lv
Yungang Sun
Hualin Xu
Original Assignee
Huaneng Zhongdian Weihai Wind Power Generation Co Ltd
Huaneng Shandong Power Generation Co Ltd
Zhengzhou Xinda Yungu Tech Co Ltd
Huaneng Information Tech Co Ltd
Application filed by Huaneng Zhongdian Weihai Wind Power Generation Co Ltd, Huaneng Shandong Power Generation Co Ltd, Zhengzhou Xinda Yungu Tech Co Ltd, Huaneng Information Tech Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Selective Calling Equipment (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to the field of data transmission management, particularly to a method for secure transmission strategy management. The method includes: receiving registration information sent by several secure devices; establishing a reverse proxy tunnel with each of the secure devices; sending configuration information to each secure device based on the reverse proxy tunnel, where the configuration information is used to configure the secure device; when a terminal device interacts with the configured secure device, obtaining authentication information corresponding to the configured secure device via the internet using index information from a server; the terminal device authenticates with the secure device using the authentication information. When authentication is successful, the terminal device can interact with the secure device, save and manage the configuration information of the secure device. The present invention enhances the security of data interaction during the data transmission process through the construction of a reverse proxy tunnel and the verification of corresponding authentication information.

Description

Method for Secure Transmission Strategy Management
Technical Field
The present invention relates to the field of data transmission management technology, and more particularly, it pertains to a method for secure transmission strategy management.
Background Technology
Data transmission technology refers to the methods and devices for transferring data between a data source and a data destination through one or more data channels or links, all following a common communication protocol. In information technology, it is primarily used for information communication or intelligence retrieval between computers and databases, computers and terminals, and terminals with other terminals. A typical data transmission system consists of a main computer or data terminal device (DTE), data circuit terminal equipment (DCE), and data transmission channels. In the process of data transmission, the operator's text, images, or language information to be transmitted is converted into electrical signals within the device through electromechanical, photoelectric, or acoustoelectric conversion at the human-machine interface of the DTE. These signals are then transformed into signals suitable for channel transmission by the DCE and sent to the data transmission channel.
At the receiving end, the DCE restores the line terminal signal, inputs it into the computer, and ultimately restores it as text, images, or language information.
However, in existing technologies, there is a lack of security in the process of data transmission over networks, making it susceptible to third-party malicious data theft.
For certain confidential data, there is no effective guarantee against data leakage.
Additionally, when the same device interacts with the terminal for data transmission multiple times, it requires corresponding security authentication for each data transmission, greatly reducing work efficiency and significantly affecting the user experience. Therefore, providing a method for secure transmission policy management is a pressing technical issue that needs to be addressed by professionals in this field.
Summary of the Invention
The purpose of the present invention is to provide a method for secure transmission strategy management. This invention enhances the security of data interaction during the data transmission process through the construction of a reverse proxy tunnel and the verification of corresponding authentication information.
To achieve the above purpose, the present invention provides the following technical solution:
A method for secure transmission strategy management, comprising:
Receiving registration information sent by several secure devices.
Establishing a reverse proxy tunnel with each of the secure devices. The reverse proxy tunnel is actively requested by the secure device based on the SSH protocol and configured using autossh.
Sending configuration information to the secure devices based on the reverse proxy tunnel. This configuration information is used to configure the secure devices.
When a terminal device interacts with the configured secure device, obtaining authentication information corresponding to the configured secure device via the internet using index information from a server.
The server predefines multiple index information and the corresponding authentication information associated with the index information.
The terminal device authenticates with the secure device using the authentication information. When authentication is successful, the terminal device can interact with the secure device, save and manage the configuration information of the secure device, and directly confirm authentication as successful when authenticating with the secure device configured with the aforementioned configuration information.
In some embodiments of the present application, receiving registration information sent by several secure devices includes:
Receiving the first authentication message sent by each of the secure devices. The first authentication message includes the SSL certificate information of the secure device.
Sending the first authentication response message to each of the secure devices.
The first authentication response message includes the SSL certificate information of the managing device.
Receiving the registration message sent by each of the secure devices. The registration message includes the device information of the secure device.
Determining a listening port based on the device information. The listening port is bound one-to-one with the secure device corresponding to the device information, and is used to listen to the information sent by the managing device associated with the secure device.
In some embodiments of the present application, establishing a reverse proxy tunnel with each of the secure devices includes:
Sending a registration response message to each of the secure devices through TB technology, and providing security protection to the secure devices based on a dynamic DNS update program. The registration response message includes port information of the listening port.
Receiving the tunnel establishment request message sent by each of the secure devices, and establishing the reverse proxy tunnel based on the tunnel establishment request message and the listening port associated with it.
In some embodiments of the present application, it further includes:
While receiving the first authentication message sent by each of the secure devices, also receiving the public key sent by each of the secure devices, and performing encryption and decryption processing on the registration information based on an asymmetric encryption algorithm and the private key of the managing device.
In some embodiments of the present application, before sending configuration information to each secure device based on the reverse proxy tunnel, it includes:
Sending the second authentication message to each of the secure devices. The second authentication message is used for the secure device to authenticate the level of device management authority of the managing device. The level of management authority is pre-set by the secure device.
In some embodiments of the present application, the security level N of the secure device is determined based on the registration information.
Predefined matrices for device security levels (T0) and device management permission levels (A) are established. For the predefined device management permission level matrix A, it is set as A(A1, A2, A3, A4), where A1 is the first predefined device management permission level, A2 is the second predefined device management permission level, A3 is the third predefined device management permission level, and A4 is the fourth predefined device management permission level, with A1 < A2 < A3 < A4.
For the predefined secure device level matrix T0, it is set as T0(T01, T02, T03, T04), where T01 is the first predefined secure device level, T02 is the second predefined secure device level, T03 is the third predefined secure device level, and T04 is the fourth predefined secure device level, with T01 < T02 < T03 < T04.
The authentication level for device management permissions of the secure device with the managing device is selected based on the relationship between N and the predefined secure device level matrix T0.
When N is equal to T01, the first predefined device management permission level A1 is selected as the authentication level for the secure device with the managing device.
When N is equal to T02, the second predefined device management permission level A2 is selected as the authentication level.
When N is equal to T03, the third predefined device management permission level A3 is selected.
When N is equal to T04, the fourth predefined device management permission level A4 is selected.
In some embodiments of the present application, when the terminal device authenticates with the secure device using the authentication information, it includes:
The terminal device encrypts the authentication information using a predefined algorithm, and sends the encrypted authentication information to the secure device for authentication. The secure device decrypts the received encrypted authentication information using a predefined algorithm, compares the decrypted authentication information with the predefined authentication information, and determines if the authentication is successful when the comparison results match.
In some embodiments of the present application, it further includes:
If the comparison results do not match, the authentication fails, and the authentication information is marked. When the secure device decrypts the received encrypted authentication information using the predefined algorithm and obtains the authentication information that matches the marked authentication information, it is directly determined as authentication failure.
In some embodiments of the present application, the terminal device connects with the secure device through wireless communication and conducts data interaction.
The wireless communication connection includes Bluetooth communication connection and NFC communication connection.
In some embodiments of the present application, the index information is login information or the identifier information of the secure device, wherein:
The identifier information includes the secure device ID, MAC address, Bluetooth unique serial number, or custom information with a unique identifier.
The present invention provides a method for secure transmission strategy management. Compared with existing technologies, the beneficial effect of the present invention lies in:
By receiving device registration information sent by secure devices, establishing a reverse proxy tunnel with each secure device, and sending configuration information to each secure device based on the reverse proxy tunnel, when a terminal device interacts with the configured secure device, it obtains authentication information corresponding to the configured secure device from a server via the internet using index information. This authentication ensures that sensitive data is not maliciously intercepted by third parties during the transmission process, effectively enhancing the security of data interaction during the data transmission process.
Figure Description
FIG. 1: flowchart illustrating the security device management method in an embodiment of the present invention.
Specific Embodiments
Below, in conjunction with the drawings and embodiments, the specific embodiment of the present invention will be described in further detail. The following embodiments are provided for illustration purposes and do not limit the scope of the present invention.
In the description of the present application, it should be understood that terms such as "center," "upper," "lower," "front," "back," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," etc., indicating direction or positional relationships are based on the orientation or positional relationship shown in the drawings. They are used for ease of description and simplification of the description, and do not indicate or imply that the device or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present application.
The terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly specifying the number of technical features indicated. As a result, a feature defined with the terms "first" and "second" may expressly or implicitly include one or more such features. In the description of this application, unless otherwise indicated, "more than one" means two or more.
In the description of the present application, it should be noted that unless otherwise specified and limited, terms such as "install," "connect," "link" should be broadly interpreted. For example, it can be a fixed connection or a detachable connection, or an integral connection; it can be a mechanical connection or an electrical connection; it can be a direct connection, or an indirect connection through an intermediary. For those skilled in the field, the specific meanings of the above terms in the present application can be understood in specific situations.
In the existing technology, there is a lack of security in the data transmission process over networks, making it susceptible to malicious third-party data theft. For sensitive data, it is challenging to ensure that it will not be leaked. Additionally, when the same device engages in multiple data transmission interactions with terminals, it requires corresponding security authentication for each data transmission, greatly reducing efficiency and significantly impacting user experience.
Therefore, the present invention provides a method for secure transmission strategy management. By employing the construction technique of a reverse proxy tunnel and the verification of corresponding authentication information, it enhances the security of data interaction during the data transmission process. Additionally, through the predefined authentication policy, the authentication information is effectively stored and managed, so that when authentication is performed again, it can be passed directly without repeating the authentication process. This greatly improves the efficiency of the authentication process, improves the user's experience, and enhances work efficiency.
Referring to FIG.1, the disclosed embodiment of the present invention provides a method for secure transmission strategy management, comprising:
Receiving registration information sent by several secure devices.
Establishing a reverse proxy tunnel with each secure device. The reverse proxy tunnel is actively requested by the secure device based on the SSH protocol and configured using autossh.
Sending configuration information to each secure device based on the reverse proxy tunnel. This configuration information is used to configure the secure devices.
When a terminal device interacts with the configured secure device, obtaining authentication information corresponding to the configured secure device from a server via the internet using index information.
The server predefines multiple index information and the corresponding authentication information associated with the index information.
The terminal device authenticates with the secure device using the authentication information. When authentication is successful, the terminal device can interact with the secure device, save and manage the configuration information of the secure device, and directly confirm authentication as successful when authenticating with the secure device configured with the aforementioned configuration information.
It should be noted that SSH is a security protocol based on the application layer, designed to provide security for remote login sessions and other network services.
Using the SSH protocol effectively prevents information leakage during remote management processes. autossh is a software used to automate SSH logins securely.
In a specific embodiment of the present application, receiving registration information sent by several secure devices includes:
Receiving the first authentication message sent by each of the secure devices. The first authentication message includes the SSL certificate information of the secure device.
Sending the first authentication response message to each of the secure devices.
The first authentication response message includes the SSL certificate information of the managing device.
Receiving the registration message sent by each of the secure devices. The registration message includes the device information of the secure device.
Determining a listening port based on the device information. The listening port is bound one-to-one with the secure device corresponding to the device information, and is used to listen to the information sent by the managing device associated with the secure device.
It should be noted that the SSL certificate complies with the SSL protocol and is issued by a trusted digital certificate authority (CA) after the CA verifies the identity of the server; it provides server authentication and encryption of the transmitted data.
In a specific embodiment of the present application, establishing a reverse proxy tunnel with each secure device includes:
Sending a registration response message to each of the secure devices through TB technology, and providing security protection to the secure devices based on a dynamic DNS update program. The registration response message includes port information of the listening port.
Receiving the tunnel establishment request message sent by each of the secure devices, and establishing the reverse proxy tunnel based on the tunnel establishment request message and the listening port associated with it.
It should be noted that the dynamic DNS update program allows authorized updaters to dynamically add or remove resource records in the authoritative DNS server's zone data. Administrators no longer need to manually modify configuration files to make changes.
In a specific embodiment of the present application, it also includes:
While receiving the first authentication message sent by each of the secure devices, also receiving the public key sent by each of the secure devices, and performing encryption and decryption processing on the registration information based on an asymmetric encryption algorithm and the private key of the managing device.
In a specific embodiment of the present application, before sending configuration information to each secure device based on the reverse proxy tunnel, it includes:
Sending the second authentication message to each of the secure devices. The second authentication message is used for the secure device to authenticate the level of device management authority of the managing device. The level of management authority is pre-set by the secure device.
In a specific embodiment of the present application, the security level N of the secure device is determined based on the registration information.
Predefined matrices for device security levels (T0) and device management permission levels (A) are established. For the predefined device management permission level matrix A, it is set as A(A1, A2, A3, A4), where A1 is the first predefined device management permission level, A2 is the second predefined device management permission level, A3 is the third predefined device management permission level, and A4 is the fourth predefined device management permission level, with A1 < A2 < A3 < A4.
For the predefined secure device level matrix T0, it is set as T0(T01, T02, T03, T04), where T01 is the first predefined secure device level, T02 is the second predefined secure device level, T03 is the third predefined secure device level, and T04 is the fourth predefined secure device level, with T01 < T02 < T03 < T04.
The authentication level for device management permissions of the secure device with the managing device is selected based on the relationship between N and the predefined secure device level matrix T0.
When N is equal to T01, the first predefined device management permission level A1 is selected as the authentication level for the secure device with the managing device.
When N is equal to T02, the second predefined device management permission level A2 is selected as the authentication level.
When N is equal to T03, the third predefined device management permission level A3 is selected.
When N is equal to T04, the fourth predefined device management permission level A4 is selected.
It should be noted that for different secure devices with different secure device levels, the device management permission levels are different. For low-level secure devices, the device management permission level is lower, and for high-level secure devices, the device management permission level is higher. Setting different management permission levels based on different device levels is beneficial for enhancing the security management of secure devices, greatly protecting the data security transmission of high-level secure devices.
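The manager-side bookkeeping described above (one listening port bound to each registered device, the autossh reverse tunnel on that port, and the selection of A1..A4 from the device level) can be sketched as follows. This is an added example, not code from the patent or its applicants; the port pool, host and account names, integer levels 1..4 standing for T01..T04, the "at least the required level" comparison, and binding the forwarded port to loopback are all assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Level selection from the text: N == T0i selects Ai, with A1 < A2 < A3 < A4.
# Security levels T01..T04 are modelled as the integers 1..4 (assumption).
LEVEL_TO_PERMISSION = {1: "A1", 2: "A2", 3: "A3", 4: "A4"}
PERMISSION_RANK = {name: rank for rank, name in LEVEL_TO_PERMISSION.items()}

PORT_POOL = range(20000, 20100)  # assumed pool of manager-side listening ports
# Device IDs arrive in device-supplied registration messages: treat as untrusted.
DEVICE_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


@dataclass
class TunnelRegistry:
    manager_host: str  # hypothetical manager address
    tunnel_user: str   # hypothetical unprivileged SSH account on the manager
    _ports: dict = field(default_factory=dict)   # device_id -> listening port
    _levels: dict = field(default_factory=dict)  # device_id -> security level N

    def register(self, device_id: str, security_level: int) -> dict:
        """Bind exactly one listening port to the device and pick its A level."""
        if not DEVICE_ID_RE.fullmatch(device_id):
            raise ValueError("invalid device id")
        if security_level not in LEVEL_TO_PERMISSION:
            raise ValueError("security level must be 1..4")
        if device_id not in self._ports:  # re-registration keeps the binding
            used = set(self._ports.values())
            port = next((p for p in PORT_POOL if p not in used), None)
            if port is None:
                raise RuntimeError("listening port pool exhausted")
            self._ports[device_id] = port
        self._levels[device_id] = security_level
        return {
            "listen_port": self._ports[device_id],
            "required_permission": LEVEL_TO_PERMISSION[security_level],
        }

    def may_configure(self, device_id: str, manager_permission: str) -> bool:
        """Check done before configuration is pushed through the tunnel.

        Assumption: a manager passes if its level is at least the level the
        device requires; unknown devices and unknown levels are refused.
        """
        level = self._levels.get(device_id)
        if level is None:
            return False
        return PERMISSION_RANK.get(manager_permission, 0) >= level

    def autossh_argv(self, device_id: str, local_port: int = 22) -> list:
        """Command the secure device runs to request its reverse tunnel.

        Returned as an argv list so no shell parses device-supplied data.
        The forwarded port is bound to 127.0.0.1 on the manager so only
        local processes on the manager can reach the device through it.
        """
        port = self._ports[device_id]
        return [
            "autossh", "-M", "0", "-N",
            "-o", "ExitOnForwardFailure=yes",  # fail if the port is taken
            "-o", "ServerAliveInterval=30",    # detect a dead tunnel
            "-o", "ServerAliveCountMax=3",
            "-R", f"127.0.0.1:{port}:127.0.0.1:{local_port}",
            f"{self.tunnel_user}@{self.manager_host}",
        ]


if __name__ == "__main__":
    reg = TunnelRegistry("manager.example.internal", "tunnel")
    print(reg.register("wt-001", 1))
    print(reg.register("wt-002", 4))
    print(" ".join(reg.autossh_argv("wt-002")))
    print(reg.may_configure("wt-002", "A3"))
```
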
In a specific embodiment of the present application, when the terminal device authenticates with the secure device using the authentication information, it includes:
The terminal device encrypts the authentication information using a predefined algorithm, and sends the encrypted authentication information to the secure device for authentication. The secure device decrypts the received encrypted authentication information using a predefined algorithm, compares the decrypted authentication information with the predefined authentication information, and determines if the authentication is successful when the comparison results match.
In a specific embodiment of the present application, it further includes:
If the comparison results do not match, the authentication fails, and the authentication information is marked. When the secure device decrypts the received encrypted authentication information using the predefined algorithm and obtains the authentication information that matches the marked authentication information, it is directly determined as authentication failure.
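The compare-and-mark decision on the secure device can be sketched as below; this is an added example, not code from the patent. It starts after decryption because the text does not name the predefined algorithm, and the keyed digests, the bounded marked set, and the `rotate` step that unmarks a value when it becomes the new predefined credential are assumptions of the example.

```python
import hashlib
import hmac
import os
from collections import OrderedDict


class DeviceAuthenticator:
    """Device-side decision applied to already-decrypted authentication info."""

    def __init__(self, predefined: bytes, max_marked: int = 1024):
        # Per-instance key: the marked set stores keyed digests, so a memory
        # dump of the device does not expose the values that were tried.
        self._key = os.urandom(32)
        self._max_marked = max_marked
        self._marked = OrderedDict()  # digest -> True, oldest first
        self._expected = self._tag(predefined)

    def _tag(self, value: bytes) -> bytes:
        return hmac.new(self._key, value, hashlib.sha256).digest()

    def marked_count(self) -> int:
        return len(self._marked)

    def authenticate(self, decrypted: bytes) -> str:
        tag = self._tag(decrypted)
        # Previously marked information is failed directly, as in the text.
        if tag in self._marked:
            self._marked.move_to_end(tag)
            return "rejected-marked"
        # Constant-time comparison against the predefined information.
        if hmac.compare_digest(tag, self._expected):
            return "ok"
        # Mismatch: fail and mark. The set is bounded so that a flood of
        # bad attempts cannot exhaust the device's memory.
        self._marked[tag] = True
        if len(self._marked) > self._max_marked:
            self._marked.popitem(last=False)
        return "failed"

    def rotate(self, new_predefined: bytes) -> None:
        """Replace the predefined information.

        A value marked as bad under the old credential must be unmarked if
        it is now the valid one, otherwise the legitimate terminal would be
        rejected permanently.
        """
        self._expected = self._tag(new_predefined)
        self._marked.pop(self._expected, None)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    dev = DeviceAuthenticator(b"predefined-auth-info")
    for attempt in (b"guess-1", b"guess-1", b"predefined-auth-info"):
        print(attempt, dev.authenticate(attempt))
```
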
In a specific embodiment of the present application, the terminal device connects with the secure device through wireless communication and conducts data interaction.
The wireless communication connection includes Bluetooth communication connection and NFC communication connection.
In a specific embodiment of the present application, the index information is login information or the identifier information of the secure device, wherein:
The identifier information includes the secure device ID, MAC address, Bluetooth unique serial number, or custom information with a unique identifier.
Reverse proxy technology is effective in protecting the system from web vulnerabilities. The reverse proxy is located between external clients and the user's internal service, preventing direct access to the user's network. The present invention greatly enhances the security protection of transmitted data by combining reverse proxy technology with index information authentication. In summary, by receiving device registration information sent by secure devices and establishing a reverse proxy tunnel with each secure device, sending configuration information to each secure device based on the reverse proxy tunnel, obtaining the corresponding authentication information from the server via the internet using index information when the terminal device interacts with the configured secure device, and performing authentication, the present invention ensures that confidential data is not maliciously intercepted by third parties during transmission, effectively improving the security of data interaction during data transmission. Additionally, for authenticated secure information, direct approval upon re-authentication reduces the complexity of repeated authentication processes and improves work efficiency.
The above description is only an embodiment of the present invention, and is not intended to limit the scope of the present invention, and any structural changes made in accordance with the present invention should be regarded as falling within the scope of protection of the present invention as long as they do not lose the meaning of the present invention and are subjected to constraints.
Technical personnel in the relevant technical field can clearly understand that, for the sake of simplicity and conciseness, the specific working process and related explanation of the system described above can refer to the corresponding process in the exemplary embodiment of the method, and will not be repeated here.
It should be noted that the system provided in the above embodiments is only an example of dividing various functional modules based on the functions, and in actual applications, various functions can be assigned to different functional modules according to requirements, that is, the modules or steps in the embodiment of the present invention can be further decomposed or combined to complete all or part of the functions described above. For the names of the modules and steps involved in the embodiments of the present invention, they are only used to distinguish between the modules or steps, and should not be deemed as improper restrictions on the present invention.
Those skilled in this field should be able to realize that, in conjunction with the specific description of the exemplary embodiments disclosed in this document, various examples of modules and method steps can be implemented using electronic hardware, computer software, or a combination of both. Programs corresponding to the software modules and method steps can be placed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disks, removable disks, CD-ROMs, or any other form of storage medium known in the art. To clearly illustrate the interchangeability of electronic hardware and software, the general descriptions of the composition and steps of each example in the embodiments have been provided.
Depending on specific applications and design constraints, those skilled in the field may implement the functions described herein using different methods. However, this embodiment should not be construed as departing from the scope of the present invention.
The term "comprising" or any similar term is intended to cover non-exclusive inclusion, so that a process, method, article, or apparatus comprising a series of elements or steps may include not only those elements or steps explicitly listed, but also those not explicitly listed, or even those that are inherent to such processes, methods, articles, or apparatuses.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the accompanying drawings, however, it is readily understood by those skilled in the art that the scope of protection of the present invention is obviously not limited to these specific embodiments.
Without deviating from the principles of the present invention, the person skilled in the art may make equivalent changes or substitutions to the relevant technical features, and the technical solutions after such changes or substitutions will fall within the scope of protection of the present invention.
The above-described embodiments are merely examples of the present invention, and are not intended to limit the scope of the present invention.

Claims (10)

Claims
1. A method for secure transmission strategy management, comprising: Receiving registration information sent by several secure devices. Establishing a reverse proxy tunnel with each of the secure devices. The reverse proxy tunnel is actively requested by the secure device based on the SSH protocol and configured using autossh. Sending configuration information to the secure devices based on the reverse proxy tunnel. This configuration information is used to configure the secure devices. When a terminal device interacts with the configured secure device, obtaining authentication information corresponding to the configured secure device via the internet using index information from a server. The server predefines multiple index information and the corresponding authentication information associated with the index information. The terminal device authenticates with the secure device using the authentication information. When authentication is successful, the terminal device can interact with the secure device, save and manage the configuration information of the secure device, and directly confirm authentication as successful when authenticating with the secure device configured with the aforementioned configuration information.
2. A method for secure transmission strategy management according to claim 1, wherein the step of receiving registration information sent by several secure devices comprises: Receiving the first authentication message sent by each of the secure devices. The first authentication message includes the SSL certificate information of the secure device. Sending the first authentication response message to each of the secure devices. The first authentication response message includes the SSL certificate information of the managing device. Receiving the registration message sent by each of the secure devices. The registration message includes the device information of the secure device. Determining a listening port based on the device information. The listening port is bound one-to-one with the secure device corresponding to the device information, and is used to listen to the information sent by the managing device associated with the secure device.
3. A method for secure transmission strategy management according to claim 2, wherein the step of establishing a reverse proxy tunnel with each secure device comprises: Sending a registration response message to each of the secure devices through TB technology, and providing security protection to the secure devices based on a dynamic DNS update program. The registration response message includes port information of the listening port. Receiving the tunnel establishment request message sent by each of the secure devices, and establishing the reverse proxy tunnel based on the tunnel establishment request message and the listening port associated with it.
4. A method for secure transmission strategy management according to claim 2, further comprising: While receiving the first authentication message sent by each of the secure devices, also receiving the public key sent by each of the secure devices, and performing encryption and decryption processing on the registration information based on an asymmetric encryption algorithm and the private key of the managing device.
5. A method for secure transmission strategy management according to claim 1, wherein before sending configuration information to each secure device based on the reverse proxy tunnel, it comprises: Sending the second authentication message to each of the secure devices. The second authentication message is used for the secure device to authenticate the level of device management authority of the managing device. The level of management authority is pre-set by the secure device.
6. A method for secure transmission strategy management according to claim 5, characterized in that: The security level N of the secure device is determined based on the registration information. Predefined matrices for device security levels (T0) and device management permission levels (A) are established. For the predefined device management permission level matrix A, it is set as A(A1, A2, A3, A4), where A1 is the first predefined device management permission level, A2 is the second predefined device management permission level, A3 is the third predefined device management permission level, and A4 is the fourth predefined device management permission level, with A1 < A2 < A3 < A4. For the predefined secure device level matrix T0, it is set as T0(T01, T02, T03, T04), where T01 is the first predefined secure device level, T02 is the second predefined secure device level, T03 is the third predefined secure device level, and T04 is the fourth predefined secure device level, with T01 < T02 < T03 < T04. The authentication level for device management permissions of the secure device with the managing device is selected based on the relationship between N and the predefined secure device level matrix T0. When N is equal to T01, the first predefined device management permission level A1 is selected as the authentication level for the secure device with the managing device. When N is equal to T02, the second predefined device management permission level A2 is selected as the authentication level. When N is equal to T03, the third predefined device management permission level A3 is selected. When N is equal to T04, the fourth predefined device management permission level A4 is selected.
7. A method for secure transmission strategy management according to claim 1, characterized in that, when the terminal device authenticates with the secure device using the authentication information, it comprises: The terminal device encrypts the authentication information using a predefined algorithm, and sends the encrypted authentication information to the secure device for authentication. The secure device decrypts the received encrypted authentication information using a predefined algorithm, compares the decrypted authentication information with the predefined authentication information, and determines if the authentication is successful when the comparison results match.
8. A method for secure transmission strategy management according to claim 7, characterized in that it further comprises: If the comparison results do not match, the authentication fails, and the authentication information is marked. When the secure device decrypts the received encrypted authentication information using the predefined algorithm and obtains the authentication information that matches the marked authentication information, it is directly determined as authentication failure.
9. A method for secure transmission strategy management according to claim 1, characterized in that: The terminal device connects with the secure device through wireless communication and conducts data interaction. The wireless communication connection includes Bluetooth communication connection and NFC communication connection.
10. A method for secure transmission strategy management according to claim 1, characterized in that: The index information is login information or the identifier information of the secure device; wherein the identifier information includes the secure device ID, MAC address, Bluetooth unique serial number, or custom information with a unique identifier.
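
An added illustration, not part of the patent text, of the one-to-one listening-port binding in claim 2 and the device-initiated autossh reverse tunnel in claims 1 and 3. The port range, account name, host name, device identifier and SSH options are assumptions chosen for the example.

```python
# Constructed example: manager-side port registry plus the device's autossh argv.
class PortRegistry:
    """Binds each registered secure device to exactly one listening port."""

    def __init__(self, first_port=42000, last_port=42099):
        # The port range is an assumption; the claims do not specify one.
        self._free = list(range(first_port, last_port + 1))
        self._by_device = {}
        self._by_port = {}

    def register(self, device_id):
        """Return the device's port, allocating one on first registration."""
        if device_id in self._by_device:
            return self._by_device[device_id]  # re-registration keeps the binding
        if not self._free:
            raise RuntimeError("listening-port pool exhausted")
        port = self._free.pop(0)
        self._by_device[device_id] = port
        self._by_port[port] = device_id
        return port

    def release(self, device_id):
        """Unbind a deregistered device and return its port to the pool."""
        port = self._by_device.pop(device_id)
        del self._by_port[port]
        self._free.append(port)

    def device_for(self, port):
        """Map a listening port back to its single device, or None."""
        return self._by_port.get(port)


def autossh_command(port, manager_host, user="tunnel", local_port=22):
    """argv a secure device would run to request its reverse tunnel."""
    return [
        "autossh", "-M", "0",              # no monitor port; use SSH keepalives
        "-N",                              # forwarding only, no remote command
        "-o", "ServerAliveInterval=30",
        "-o", "ServerAliveCountMax=3",
        "-o", "ExitOnForwardFailure=yes",  # exit if the bound port is unavailable
        "-R", f"127.0.0.1:{port}:127.0.0.1:{local_port}",  # loopback-only listener
        f"{user}@{manager_host}",
    ]


if __name__ == "__main__":
    registry = PortRegistry()
    port = registry.register("device-0001")  # constructed device identifier
    print(" ".join(autossh_command(port, "manager.example")))
```

Binding the forwarded listener to 127.0.0.1 keeps each device's port reachable only from the managing host itself, and `ExitOnForwardFailure=yes` makes a port collision visible instead of leaving a tunnel without its forward.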
LU505533A 2022-12-05 2023-11-15 Method for secure transmission strategy management LU505533B1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211550446.2A CN116232635A (en) 2022-12-05 2022-12-05 Security transmission policy management method

Publications (1)

Publication Number Publication Date
LU505533B1 true LU505533B1 (en) 2024-05-16

Family

ID=86570425

Family Applications (1)

Application Number Title Priority Date Filing Date
LU505533A LU505533B1 (en) 2022-12-05 2023-11-15 Method for secure transmission strategy management

Country Status (2)

Country Link
CN (1) CN116232635A (en)
LU (1) LU505533B1 (en)

Also Published As

Publication number Publication date
CN116232635A (en) 2023-06-06


Legal Events

Date Code Title Description
FG Patent granted

Effective date: 20240516