CN116074125B - End-to-end password middle station zero trust security gateway system - Google Patents
End-to-end password middle station zero trust security gateway system
- Publication number
- CN116074125B (application number CN202310303810.3A)
- Authority
- CN
- China
- Prior art keywords
- subsystem
- service authorization
- service
- hostid
- usertoken
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an end-to-end password middle station zero trust security gateway system. A new security access gateway system is designed in which, on the basis of introducing a HostID and a UserID, a service authorization table is placed in both the core gateway and the password middle station. By comparing the service authorization tables of the core gateway and the password middle station, the system realizes zero trust access for users and devices and greatly improves the flexibility and the security of the cloud computing middle station.
Description
Technical Field
The invention relates to the technical field of computer networks, in particular to an end-to-end password middle station zero trust security gateway system.
Background
The internet today consists of individual nodes that can communicate with one another. This interconnection makes the whole network highly efficient, but it also makes the network more fragile, because an attack on other nodes can be launched from any one node. Passwords are the most common means of ensuring network security: only users who hold the password can initiate access to a designated node. For large-scale systems in a network, distributing and managing passwords is a very complex task. The current mainstream approach is to establish a unified password middle station, which provides basic password services such as unified password management and authentication. Because of its importance, the password middle station tends to have a higher probability of being attacked.
In the prior art, Chinese application No. 202010927253 proposes an end-to-end zero trust security gateway system that correlates a login request with a service request. This improves the security of gateway access to a certain extent, but it does not provide separate authorization records for the password middle station and the core gateway, and the gateway and the service request are coupled together, so it is less secure and less real-time than the present invention.
If the password middle station is attacked and passwords are compromised, the individual systems it serves will suffer serious consequences, so the password middle station is more important than other systems on the network. A conventional security gateway is just a single gate in front of the password middle station, and any user who passes through the gate can reach any corner of the password middle station network. That is, the conventional gateway performs security management with the network as the unit. Although a password and a different security level can be configured for each subsystem in the password middle station network to keep the system running safely, the subsystems are not logically isolated, so an attacker who acquires a password can still attack the whole network. Meanwhile, the password middle station of an enterprise or an organization generally runs in the cloud, where the network boundary is further blurred, and the original security division based on different networks is no longer suitable for security management of a password middle station in the cloud. That is, for a user accessing through the cloud, the network environment the user is in cannot be used to judge whether the user is a possible attacker.
Disclosure of Invention
In order to solve the network security problem faced by the existing password middle station network, the invention provides an end-to-end password middle station zero trust security gateway system so as to realize higher security protection of the password middle station.
The application provides an end-to-end password middle station zero trust security gateway system which is characterized by comprising a client, a core gateway and a password middle station;
the client comprises a mobile phone native application, a computer native application, a Web application or a special terminal, wherein the mobile phone native application, the computer native application and the Web application comprise a graphical user interface, the special terminal comprises an instruction operation interface, and the graphical user interface and the instruction operation interface can both send instructions for operating and controlling the password middle station;
the core gateway consists of a capturing subsystem, an analyzing subsystem, a forwarding subsystem, an access filtering subsystem, a verification code generating subsystem and a first service authorization record table;
the password middle station consists of one or more password service subsystems and a second service authorization record table, and each subsystem corresponds to the IP address of a different domain name;
the client sends a first data packet to access the first password service subsystem, and the capturing subsystem captures the first data packet;
the analyzing subsystem parses the first data packet to obtain the destination domain name in the first data packet;
the analyzing subsystem resolves the destination domain name through DNS to obtain a destination IP address;
the client sends a second data packet to access the first password service subsystem, and the capturing subsystem captures the second data packet;
the analyzing subsystem parses the second data packet to obtain the HostID and the UserToken in the second data packet;
the first service authorization record table in the core gateway records service authorization information for the latest time period T;
the first service authorization record table is queried according to the IP address, the HostID and the UserToken to acquire a first service authorization code;
if the first service authorization code is successfully acquired, the following steps are executed:
S1: the forwarding subsystem sends the HostID, the UserToken and the first service authorization code to the first password service subsystem, wherein a second service authorization record table stored in the password middle station records service authorization information for the latest time period T;
S2: the password middle station queries the second service authorization record table according to the received HostID and UserToken to obtain a second service authorization code, and compares the first service authorization code with the second service authorization code;
S3: if the comparison succeeds, the connection is established, the authorization time in the second service authorization record table is updated to the time of the successful comparison, the updated authorization time is sent to the core gateway, and the authorization time in the first service authorization record table is updated;
S4: if the comparison fails, the connection is rejected, the authorization information corresponding to the HostID and UserToken is deleted from the second service authorization record table, the failure information is returned to the core gateway, and the authorization information corresponding to the HostID and UserToken is deleted from the first service authorization record table;
if the first service authorization code is not acquired, the following steps are executed:
S5: the forwarding subsystem sends the IP address, the HostID and the UserToken to the access filtering subsystem, wherein the access filtering subsystem is configured with access restriction filtering rules, which specifically comprise: whether the IP address belongs to the IP addresses that allow access, whether the IP address allows access by the HostID, whether the IP address allows access by the UserToken, whether the IP address is legal, whether the HostID belongs to an accessible Host group, whether the UserToken belongs to an accessible User group, and the like;
S6: if the IP address, HostID and UserToken meet the filtering rules, the following steps are executed:
S6.1: the verification code generating subsystem generates an access verification code;
S6.2: the forwarding subsystem sends the HostID, the UserID and the verification code to the first password service subsystem, and the first password service subsystem performs a hash calculation on the verification code to obtain a hash value;
S6.3: hash verification is performed according to the hash value, specifically by the following steps:
S6.3.1: if the hash verification passes, the connection is established and an authorization code is generated; the HostID, UserToken and authorization code are added to the second service authorization table, and the time at which the hash verification passed is added to the second service authorization table as the service authorization time; the information that verification passed is sent to the core gateway; the HostID, UserToken and authorization code are added to the first service authorization table, and the time at which the hash verification passed is added to the first service authorization table as the service authorization time;
S6.3.2: if the hash verification does not pass, the connection is rejected;
S7: if the IP address, HostID and UserToken do not meet the filtering rules, the connection is rejected;
the application also provides a computer device comprising one or more memories, a processor and a network card, wherein the computer device communicates with other devices through the network card, the memories store the instructions for each step in the security gateway system, and the processor executes the instructions.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings used in the embodiments are described below. They show only some of the embodiments of the present application, and a person of ordinary skill in the art can readily obtain other embodiments beyond those described below;
Fig. 1 is a schematic diagram of a system structure according to the present invention.
Detailed Description
The present invention is further explained below with reference to the drawings of this embodiment. Note that the embodiment provided here is only one of the embodiments of the present invention. Based on this disclosure, a person of ordinary skill in the art can readily obtain other methods or products that implement the present invention, and any other embodiment according to the present disclosure falls within the scope of protection of the present application.
Today, cloud computing has become the dominant way to provide computing services for enterprises, and most such services are built on cloud services. In cost and flexibility of service, cloud computing has advantages that traditional data centers or server rooms cannot match. At the same time, because a cloud service is visible to everyone, its security management policy is quite different from earlier approaches. A password middle station running in the cloud has, because of its special role, stricter security requirements than other systems running in the cloud. Running in the cloud further blurs the network boundary, and anyone may access the cloud, so anyone who needs to access the password middle station through the cloud is regarded as untrusted. By designing a new security access gateway system that realizes zero trust security access for users and devices, the security and the flexibility of the password middle station are greatly improved.
Referring to fig. 1, fig. 1 illustrates an end-to-end password middle station zero trust security gateway system, and the system shown in fig. 1 is composed of a client, a core gateway and a password middle station;
the client comprises a mobile phone native application, a computer native application, a Web application or a special terminal, wherein the mobile phone native application, the computer native application and the Web application comprise a graphical user interface, the special terminal comprises an instruction operation interface, and the graphical user interface and the instruction operation interface can both send instructions for operating and controlling the password middle station;
the core gateway consists of a capturing subsystem, an analyzing subsystem, a forwarding subsystem, an access filtering subsystem, a verification code generating subsystem and a first service authorization record table;
the password middle station consists of one or more password service subsystems and a second service authorization record table, and each subsystem corresponds to the IP address of a different domain name;
the mobile phone client application of the User sends a first data packet P1 to access the first password service subsystem, and the capturing subsystem captures the first data packet P1;
the analyzing subsystem parses the first data packet to obtain the destination domain name in the first data packet, such as https://www.jxpasswordcenter.com/authentication;
the analyzing subsystem resolves the destination domain name through DNS to obtain a destination IP address 192.168.251.107;
the client sends a second data packet to access the first password service subsystem, and the capturing subsystem captures the second data packet P2;
the analyzing subsystem parses the second data packet to obtain a HostID of FX01100101001010101001 and a UserToken of lspvmsj%fnk) _fnk%%fnk%;
the first service authorization record table in the core gateway records service authorization information for the latest time period T;
the first service authorization record table is queried according to the IP address, the HostID and the UserToken to obtain a first service authorization code daji-6 fdnakjn;
if the acquisition succeeds, the following steps are executed:
S1: the forwarding subsystem sends the HostID, the UserToken and the first service authorization code to the first password service subsystem, wherein a second service authorization record table stored in the password middle station records service authorization information for the latest time period T;
S2: the password middle station queries the second service authorization record table according to the received HostID and UserToken to obtain a second service authorization code daji-6 fdnakjn, and compares the first service authorization code with the second service authorization code;
S3: if the comparison succeeds, the connection is established, the authorization time in the second service authorization record table is updated to the time of the successful comparison, the updated authorization time is sent to the core gateway, and the authorization time in the first service authorization record table is updated;
S4: if the comparison fails, the connection is rejected, the authorization information corresponding to the HostID and UserToken is deleted from the second service authorization record table, the failure information is returned to the core gateway, and the authorization information corresponding to the HostID and UserToken is deleted from the first service authorization record table;
if the acquisition fails, the following steps are executed:
S5: the forwarding subsystem sends the IP address, the HostID and the UserToken to the access filtering subsystem, wherein the access filtering subsystem is configured with access limiting rules, which specifically comprise: whether the IP address belongs to the IP addresses that allow access, whether the IP address allows access by the HostID, whether the IP address allows access by the UserToken, whether the IP address is legal, whether the HostID belongs to an accessible Host group, whether the UserToken belongs to an accessible User group, and the like;
S6: if the IP address, HostID and UserToken meet the filtering rules, the following steps are executed:
S6.1: the verification code generating subsystem generates an access verification code;
S6.2: the forwarding subsystem sends the HostID, the UserID and the verification code to the first password service subsystem, and the first password service subsystem performs a hash calculation on the verification code to obtain a hash value;
S6.3: hash verification is performed according to the hash value, specifically by the following steps:
S6.3.1: if the hash verification passes, the connection is established and an authorization code is generated; the HostID, UserToken and authorization code are added to the second service authorization table, and the time at which the hash verification passed is added to the second service authorization table as the service authorization time; the information that verification passed is sent to the core gateway; the HostID, UserToken and authorization code are added to the first service authorization table, and the time at which the hash verification passed is added to the first service authorization table as the service authorization time;
S6.3.2: if the hash verification does not pass, the connection is rejected;
S7: if the IP address, HostID and UserToken do not meet the filtering rules, the connection is rejected.
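The decision flow of steps S1 to S7, as an added Python example that is not part of the patent: both authorization tables, the comparison path and the full verification path. Assumptions made here and not stated on the page: T is 300 seconds, the hash verification is an HMAC-SHA256 check under a key shared by the gateway and the middle station, the filtering rules are held as a per-IP access list, and all class names, function names and the HostID/UserToken sample values are constructed.

```python
import hashlib
import hmac
import ipaddress
import secrets

T = 300  # assumed length in seconds of the "latest time period T"


def tag_for(key, code):
    # Assumption: the "hash calculation" is HMAC-SHA256 under a key shared by both sides.
    return hmac.new(key, code.encode(), hashlib.sha256).hexdigest()


class MiddleStation:
    """Holds the second service authorization record table."""

    def __init__(self, key):
        self.key = key
        self.table = {}  # (HostID, UserToken) -> [authorization code, authorization time]

    def compare(self, host_id, token, first_code, now):
        # S2: look up the second code and compare it with the gateway's first code.
        rec = self.table.get((host_id, token))
        if rec and now - rec[1] <= T and hmac.compare_digest(rec[0], first_code):
            rec[1] = now  # S3: authorization time becomes the comparison time
            return True
        self.table.pop((host_id, token), None)  # S4: delete the record, reject
        return False

    def hash_verify(self, host_id, token, code, tag, now):
        # S6.2/S6.3: hash the verification code and verify the result.
        if not hmac.compare_digest(tag_for(self.key, code), tag):
            return None  # S6.3.2: reject
        auth_code = secrets.token_hex(8)  # S6.3.1: generate the authorization code
        self.table[(host_id, token)] = [auth_code, now]
        return auth_code


class CoreGateway:
    """Holds the first service authorization record table and the filtering rules."""

    def __init__(self, station, key, acl):
        self.station, self.key = station, key
        self.acl = acl  # destination IP -> {"hosts": set, "users": set}
        self.table = {}  # (IP, HostID, UserToken) -> [authorization code, authorization time]

    def passes_filter(self, ip, host_id, token):
        # S5: four of the listed rules.
        try:
            ipaddress.ip_address(ip)  # is the IP address legal
        except ValueError:
            return False
        rule = self.acl.get(ip)  # does this IP allow access at all
        return bool(rule) and host_id in rule["hosts"] and token in rule["users"]

    def handle(self, ip, host_id, token, now):
        k = (ip, host_id, token)
        rec = self.table.get(k)
        if rec and now - rec[1] <= T:
            if self.station.compare(host_id, token, rec[0], now):  # S1-S3
                rec[1] = now
                return "connected: codes match"
            del self.table[k]  # S4: the gateway deletes its record too
            return "rejected: code mismatch"
        self.table.pop(k, None)  # record missing or older than T
        if not self.passes_filter(ip, host_id, token):
            return "rejected: filter"  # S7
        code = secrets.token_hex(16)  # S6.1: access verification code
        auth_code = self.station.hash_verify(
            host_id, token, code, tag_for(self.key, code), now)
        if auth_code is None:
            return "rejected: hash"
        self.table[k] = [auth_code, now]
        return "connected: full verification"


def demo():
    key = secrets.token_bytes(32)
    station = MiddleStation(key)
    # IP is the page's sample value; host and user values are constructed.
    ip, host, user = "192.168.251.107", "HOST-EXAMPLE-01", "token-example-01"
    gw = CoreGateway(station, key, {ip: {"hosts": {host}, "users": {user}}})
    out = [gw.handle(ip, host, user, 0), gw.handle(ip, host, user, 10)]
    gw.table[(ip, host, user)][0] = "forged-code"  # gateway record no longer matches
    out.append(gw.handle(ip, host, user, 20))
    out.append(gw.handle(ip, host, user, 30))  # both records deleted: full path again
    out.append(gw.handle(ip, host, user, 30 + T + 1))  # older than T: full path again
    out.append(gw.handle(ip, "HOST-UNKNOWN", user, 400))
    return out, gw, station


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

A mismatch between the two tables removes the record on both sides, so the next request from the same HostID and UserToken has to pass the filtering rules and hash verification again.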
Claims (4)
1. An end-to-end password middle station zero trust security gateway system is characterized in that: the system consists of a client, a core gateway and a password middle station;
the core gateway consists of a capturing subsystem, an analyzing subsystem, a forwarding subsystem, an access filtering subsystem, a verification code generating subsystem and a first service authorization record table;
the password middle station consists of one or more password service subsystems and a second service authorization record table, and each subsystem corresponds to the IP address of different domain names;
the client sends out a first data packet for accessing the first password service subsystem, and the core gateway captures the first data packet;
analyzing the first data packet by the core gateway to obtain a destination domain name in the first data packet;
the core gateway resolves the destination domain name through DNS to obtain a destination IP address;
the client sends out a second data packet for accessing the first password service subsystem, and the core gateway captures the second data packet;
analyzing the second data packet by the core gateway to obtain a HostID and a UserToken in the second data packet;
the first service authorization record table in the core gateway records service authorization information for the latest time period T;
the first service authorization record table is queried according to the IP address, the HostID and the UserToken to acquire a first service authorization code;
if the first service authorization code is successfully obtained, the HostID, the UserToken and the first service authorization code are sent to the first password service subsystem for authorization code comparison, which specifically comprises the following steps:
S1: the forwarding subsystem sends the HostID, the UserToken and the first service authorization code to the first password service subsystem, wherein a second service authorization record table stored in the password middle station records service authorization information for the latest time period T;
S2: the password middle station queries the second service authorization record table according to the received HostID and UserToken to obtain a second service authorization code, and compares the first service authorization code with the second service authorization code;
S3: if the comparison succeeds, the connection is established, the authorization time in the second service authorization record table is updated to the time of the successful comparison, the updated authorization time is sent to the core gateway, and the authorization time in the first service authorization record table is updated;
S4: if the comparison fails, the connection is rejected, the authorization information corresponding to the HostID and UserToken is deleted from the second service authorization record table, the failure information is returned to the core gateway, and the authorization information corresponding to the HostID and UserToken is deleted from the first service authorization record table;
if the first service authorization code is not acquired, the whole process verification is performed, which specifically comprises the following steps:
S5: the forwarding subsystem sends the IP address, the HostID and the UserToken to the access filtering subsystem, wherein the access filtering subsystem is configured with access restriction filtering rules;
S6: if the IP address, HostID and UserToken meet the filtering rules, the following steps are executed:
S6.1: the verification code generating subsystem generates an access verification code;
S6.2: the forwarding subsystem sends the HostID, the UserID and the verification code to the first password service subsystem, and the first password service subsystem performs a hash calculation on the verification code to obtain a hash value;
S6.3: hash verification is performed according to the hash value to judge whether to establish the connection;
S7: if the IP address, HostID and UserToken do not meet the filtering rules, the connection is rejected.
2. The system of claim 1, wherein the client comprises a mobile phone native application, a computer native application, a Web application, or a special terminal, the mobile phone native application, the computer native application, and the Web application comprising a graphical user interface, the special terminal comprising an instruction operation interface, the graphical user interface and the instruction operation interface each being capable of sending instructions for operating and controlling the password middle station.
3. The system of claim 2, wherein the access filtering subsystem is configured with access restriction filtering rules specifically comprising: whether the IP address belongs to the IP addresses that allow access, whether the IP address allows access by the HostID, whether the IP address allows access by the UserToken, whether the IP address is legal, whether the HostID belongs to an accessible Host group, and whether the UserToken belongs to an accessible User group.
4. A system according to claim 3, wherein said hash verification based on the hash value to determine whether to establish the connection comprises the steps of:
S6.3.1: if the hash verification passes, the connection is established and an authorization code is generated; the HostID, UserToken and authorization code are added to the second service authorization table, and the time at which the hash verification passed is added to the second service authorization table as the service authorization time; the information that verification passed is sent to the core gateway; the HostID, UserToken and authorization code are added to the first service authorization table, and the time at which the hash verification passed is added to the first service authorization table as the service authorization time;
S6.3.2: if the hash verification does not pass, the connection is rejected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310303810.3A CN116074125B (en) | 2023-03-27 | 2023-03-27 | End-to-end password middle station zero trust security gateway system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310303810.3A CN116074125B (en) | 2023-03-27 | 2023-03-27 | End-to-end password middle station zero trust security gateway system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116074125A | 2023-05-05 |
CN116074125B | 2023-05-30 |
Family
ID=86170065
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310303810.3A (Active, CN116074125B) | 2023-03-27 | 2023-03-27 | End-to-end password middle station zero trust security gateway system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116074125B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110120946A (en) * | 2019-04-29 | 2019-08-13 | 武汉理工大学 | A kind of Centralized Authentication System and method of Web and micro services |
CN112685709A (en) * | 2021-01-13 | 2021-04-20 | 树根互联技术有限公司 | Authorization token management method and device, storage medium and electronic equipment |
CN114238036A (en) * | 2022-02-23 | 2022-03-25 | 成都运荔枝科技有限公司 | Method and device for monitoring abnormity of SAAS (software as a service) platform in real time |
CN114518909A (en) * | 2022-02-17 | 2022-05-20 | 中国建设银行股份有限公司 | Authorization information configuration method, device, equipment and storage medium based on API gateway |
CN115499235A (en) * | 2022-09-27 | 2022-12-20 | 江苏易安联网络技术有限公司 | DNS-based zero-trust network authorization method and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11323426B2 (en) * | 2017-10-19 | 2022-05-03 | Check Point Software Technologies Ltd. | Method to identify users behind a shared VPN tunnel |
Non-Patent Citations (1)
Title |
---|
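"Research on a zero-trust-based encryption model for data storage in cloud environments"; Meng Huishi, Liu Jun; Network Security Technology & Application (No. 1); pp. 62-68 * |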
Also Published As
Publication number | Publication date |
---|---|
CN116074125A (en) | 2023-05-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021115449A1 (en) | Cross-domain access system, method and device, storage medium, and electronic device | |
US7624429B2 (en) | Method, a network access server, an authentication-authorization-and-accounting server, and a computer software product for proxying user authentication-authorization-and-accounting messages via a network access server | |
US20080301801A1 (en) | Policy based virtual private network (VPN) communications | |
KR20080024469A (en) | Preventing fraudulent internet account access | |
WO2022247751A1 (en) | Method, system and apparatus for remotely accessing application, device, and storage medium | |
US11838269B2 (en) | Securing access to network devices utilizing authentication and dynamically generated temporary firewall rules | |
JP3987539B2 (en) | Session information management method and session information management apparatus | |
US20100125668A1 (en) | Methods, Systems, and Computer Program Products for Enhancing Internet Security for Network Subscribers | |
JP5864598B2 (en) | Method and system for providing service access to a user | |
US11784993B2 (en) | Cross site request forgery (CSRF) protection for web browsers | |
CA2716689C (en) | Address couplet communication filtering | |
US10873497B2 (en) | Systems and methods for maintaining communication links | |
US20240015010A1 (en) | Crypto tunnelling between two-way trusted network devices in a secure peer-to-peer data network | |
US20150215314A1 (en) | Methods for facilitating improved user authentication using persistent data and devices thereof | |
JP2018502394A (en) | Computer-readable storage medium for legacy integration and method and system for using the same | |
US20220021653A1 (en) | Network security device | |
CN105187380A (en) | Secure access method and system | |
CN115603932A (en) | Access control method, access control system and related equipment | |
CN114600426A (en) | Email security in multi-tenant email services | |
US10931662B1 (en) | Methods for ephemeral authentication screening and devices thereof | |
US20090271852A1 (en) | System and Method for Distributing Enduring Credentials in an Untrusted Network Environment | |
US20240056428A1 (en) | Crypto-signed switching between two-way trusted network devices in a secure peer-to-peer data network | |
WO2011063658A1 (en) | Method and system for unified security authentication | |
CN116074125B (en) | End-to-end password middle station zero trust security gateway system | |
US7631344B2 (en) | Distributed authentication framework stack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||