91results about How to "Enable secure access" patented technology

The invention discloses a secure access control system and method for network terminal nodes. A C/S (client/server) architecture is provided between a secure access client and a CA (certificate authority) authentication server, and another C/S architecture is provided between the secure access client and an RADIUS (remote authentication dial-in user service) authentication server; the two C/S architectures are used for user identity authentication and terminal access authentication, respectively. A B/S (browser/server) architecture is provided between a security management client and a security management server and is used mainly for registering and checking user information, setting network access group permissions and controlling and monitoring secure access in real time. The secure access control system and method has the advantages that the access terminals can be subjected to trusted identity authentication, trusted access authentication, terminal proxy authentication, network access permission control and network access state real-time monitoring; a trusted terminal access control system based on identity authentication is achieved and is stable and reliable and is high in authentication efficiency, violations such as NAT (network address translation) and proxy services can be detected and warned accurately, network states of terminal users are monitored and controlled through a web management interface, and the needs of private networks for safety management can be fully met.

The invention discloses a self-organization system and a method, which are used for achieving safe network access of a home NodeB and have self-organization characteristics. The system comprises a home NodeB; a home NodeB configuration server interacting with the home NodeB for providing a configuration data information and the version information of the home Node B to the home NodeB; a home network controller for receiving scan reports formed by scanning the information of a neighboring region by the home NodeB after the home NodeB achieves the system configuration according to the configuration data information and the version information, and selecting and distributing carrier frequencies, scrambling codes and a neighboring region list for the home NodeB; and a secure gateway for authenticating the home NodeB and for respectively constructing channels between the home NodeB and the home NodeB configuration server and between the home NodeB and the home network controller. The system can achieve safe network access of the home NodeB and has self-organization characteristics.

The invention discloses a safe and high-efficient quantum key service method. The method aims at solving flexibility, safety and efficiency problems of a cross-domain service of a quantum key from a QKD network to a traditional secret communication network. A special interface is adopted to realize real-time access and adaption of the quantum key; cross-domain isolation is adopted to realize physical safety of quantum key processing; and a centralized layout and distributed encryption ferry is adopted to realize a safe and high-efficiency service of the quantum key. In the invention, through deploying a quantum key service system on a QKD node, based on the traditional secret communication network, a safe and high-efficiency quantum key service is provided for a user in an area range; and simultaneously the safety, flexibility and efficiency problems of the quantum key service are solved. Based on high safety, convenient application access and a flexible service mode, a good application prospect is possessed in fields of party, government, industrial control, finance, military and the like.

The embodiment of the invention provides a platform data management method and device based on a block chain and a storage medium, and relates to the technical field of block chains. The method comprises the steps of obtaining change data corresponding to a data change event when the data change event of any service node under a service platform is monitored; wherein the service platform comprisesa plurality of service nodes which are constructed based on a block chain technology and are deployed in the same block chain network; encrypting the change data based on the authority information ofthe change data, and generating a target block corresponding to the change data; and after determining that the identity verification of the service node is passed, broadcasting the target block in other service nodes in the blockchain network. According to the technical scheme, data sharing of a plurality of original independent data systems is achieved, the service nodes corresponding to the data systems are deployed in the same block chain network, data sharing is guaranteed, meanwhile, information safety is effectively improved, and cross-department efficient and safe utilization of service data is achieved.

The invention discloses a terminal and a method for improving system safety. The terminal comprises a configuration module and a storage module, wherein the configuration module is used for configuring specific domains to a plurality of users, the users comprise the safe users and the common users, the specific domain of each safe user is a safe domain, and the specific domain of each common user is a common domain; the storage module is used for storing application data commonly used by the users in the specific domains corresponding to the users. By means of the technical scheme, the terminal and the method for improving the system safety solve the problem that an existing safe system cannot relate to multi-user safety solution schemes. By combining a multi-user mechanism and a Seandroid mechanism, a safety solution scheme is provided for the system, application can process the data in the specific domains of the users, and therefore the effect of improving the system safety is achieved, and the single terminal can have safe access to the data in the specific domains.

The invention discloses a wireless body area network security access method. Two interaction modes, namely, the unicast mode and the multicast mode, are set; two launching modes are set, and in other words, a network coordinator launches hand shaking and sensor nodes launch hand shaking; thus, when a certain part is injured and the blood pressure suddenly rises or in other words, the measurement indexes of a certain or some sensor nodes exceed the corresponding index limitations, the corresponding sensor nodes actively launch the hand shaking process, the situations of patients are rapidly fed back to medical staff, and patients are helped in time. According to the method, dynamic negotiation of a user conversation key is achieved through enhanced four-step hand shaking, hand shaking information is reduced, all the information is encrypted, the unicast access mode and the multicast access mode are set, and the remote access problem is solved through a multi-hop method. The method has the advantages that the access efficiency of a large number of sensing nodes is high, security is high, and the energy consumption is low, and the method can be used for the access of the sensing nodes in a wireless body area network and the dynamic negotiation of the user conversation key.

The invention discloses a method and an apparatus for opening a USB device corresponding to an appointed port, solves the problem of unfixed port number in the prior art, belonging to the technical field of USB device. The method for opening a USB device corresponding to an appointed port comprises: obtaining the port number of a USB device inserted into a USB port; judging whether a GUID-based device name corresponding to the port number in a configuration file is empty or not; and opening the inserted USB device according to the configuration information corresponding to the port number in the configuration file if the device name is not empty. The apparatus for a USB device corresponding to an appointed port includes a USB port unit, a scanning unit, a judging unit and an opening unit. According to the method and the apparatus for opening a USB device corresponding to an appointed port, a USB port and a USB device can be bound, the USB device corresponding to a USB port can be read and written, thus realizing the security access of the USB device corresponding the specific port.

The invention discloses an enterprise finance management system with security protection, and relates to the field of finance management. The system comprises multiple ordinary clients, a protection client, a finance management terminal, a leader management terminal, a finance storage module, a server and a security module. According to the enterprise finance management system, the security protection is performed on each of the terminals via the security module; the identity verification is performed on users of the ordinary clients via a user identity verification module and a user authorityverification module to implement security access to ordinary finance data; the security access is performed comprehensively on aspects such as a user identity, an access browse and an access historical trace of the protection client via a security access unit, a time supervision unit and an access trace recording unit; and well-organized security management of the finance data is implemented by setting a security level on the finance data, correspondingly storing to each level of storage units and selecting different work modes according to a level of an access authority; and thus the comprehensive security protection of the enterprise finance management system is implemented.

The present invention discloses a universal network safe access area system applicable to an electric power private network and a message processing method. The safe access area system includes two identical universal access devices, a forward network isolating device for electric power and a reverse network isolating device for electric power. The universal access devices are used as message agents of an internal network area host and an external network area host to convert an original message into a message that can pass through the forward network isolating device for electric power and the reverse network isolating device for electric power, thus realizing non-inductive access to the internal network area host and the external network area host. The forward/reverse network isolating devices for electric power are used as physical isolation and protocol conversion. The present invention has the advantages that the system structure is simple, the original access method is not affected, the access difficulty is reduced, the universal access devices are free of configuration, the risk of network failure is lowered, and it is convenient to operate and maintain, thus providing protection for safe access of the internal network area when longitudinal connection of an internal network area and an external network area is required.

The invention is suitable for multimedia application field and provides a value-added service integration method for a network television user. The method comprises the following steps of: setting up and deploying an OAUTH (Open the Authentication) server; applying for registering an OAUTH account by a third-party application, and integrating an API (Application Program Interface) provided by a television OAUTH service provider according to the application function; opening the third-party application corresponding to television programs by a user, issuing a calling request to the OAUTH server by the API integrated by the third-party application to carry out user and resource authorization to the third-party application; and obtaining the user information authorized by the user and carrying out interaction with the user by the third-party application. According to the method, the integration of the third-party application and the television value added service is realized, the API calling inside television equipment is opened, and on the premise that the television provides the base core function API, the third-party application can be self-integrated and the peripheral service can be expanded. The safety access to the television resources is effectively realized through the operation authorization realized by an OAUTH protocol, and the rapidity and the safety for API calling and the resource access are ensured.

The application aims to provide a method and equipment for implementing safety access. The method comprises the steps of: acquiring access response information corresponding to an access request sent by a VPN (Virtual Private Network) client; executing a safety detection operation on the access response information; and when a corresponding safety detection result is that the access response information is safe, providing the access response information to user equipment corresponding to the VPN client. Compared with the prior art, according to the method and equipment provided by the application, the acquired access response information corresponding to the access request sent by the VPN client of the user equipment is subjected to the safety detection operation by network equipment, and the access response information, of which the safety detection result is that the access response information is safe, is sent to the user equipment, thereby avoiding direct acquisition of the user equipment on network transmission data which is not subjected to safety detection, effectively implementing interception on access response information with the safety problem and preventing the potential safety hazard brought to the user equipment by the access response information.

The invention relates to a data security transmission system based on a data gateway. The system comprises a plurality of PC terminals and a plurality of service system servers, wherein the PC terminals and the service system servers perform bidirectional data transmission through data gateway equipment. Data gateway software is installed in each service system server. Before a PC terminal accesses the service system server, data gateway software needs to be installed in the PC terminal; the data gateway equipment performs trust judgment on the PC terminal, adds a private protocol data head toa service data packet received from the PC terminal and transmits the service data packet to a service system server when the service data packet is confirmed to be a trusted terminal; the service system server analyzes and judges whether the data packet is reported by the data gateway equipment or not, and if not, the service system server intercepts the data packet and returns an unauthorized access data packet; and if yes, the service system server analyzes the data packet, performs service response processing and then returns a response data packet, so that the method is safe and efficient. The invention also relates to a data security transmission method based on the data gateway.

The invention discloses a method for managing network elements by a network management system. The method comprises the following steps: the network management system sends a management data packet to the network elements, wherein, the management data packet contains module units, management items and management content fields which need to be managed in the network elements; and the network elements receive and send the management data packet to the corresponding module units in the network elements for processing, and take the processing results as response information to return to the network management system. By adopting the method, the data packet format defined by an SNMP (simple network management protocol) is extended; and by adding information of the network elements such as the module units, the management items, the management content and the like to the data fields, when the network management system allocates the network elements, a plurality of interactive processes between the network management system and the managed network element equipment are effectively simplified, the communication traffic between the network management system and the managed network element equipment is reduced, and the operating efficiency for network management is improved when the network management system carries out network element configuration.

The invention discloses an access request processing method, which is applied to a container cloud platform and comprises the following steps: determining an access authorization strategy, wherein the access authorization strategy is a code for configuring access authority between micro-service components, and the micro-service components run on the container cloud platform; enabling the access authorization strategy to take effect in the container cloud platform through a declarative API; and performing access permission verification on an access request sent between the micro-service components by using the access authorization strategy, and executing a corresponding processing operation on the access request according to an access permission verification result. According to the invention, non-invasive micro-service secure access can be realized, and the security of the container cloud platform is improved. The invention further discloses a container cloud platform, electronic equipment and a storage medium, which have the above beneficial effects.

The invention provides an information security access architecture, method and system. The architecture comprises a CPU (central processing unit) chip, a plurality of PCIe (peripheral component interface express) exchanging chips and PCIe equipment; the CPU chip is respectively interconnected with the PCIe exchanging chips through a peripheral component express interconnection bus, i.e. a PCIe bus; the PCIe exchanging chips are interconnected with the PCIe equipment. By adopting the information security access architecture, method and system, the problem that the corresponding PCIe equipment cannot be accessed due to the failure of a communication link can be avoided, and the information security access is realized.

The invention discloses a method for achieving remote access. The method comprises the steps that a virtual keyboard, a display and a mouse (KVM) remote access request sent by a user side is acquired, wherein the remote access request carries ID information and a virtual KVM address of accessed equipment; a virtual KVM mapping address of the accessed equipment is acquired according to the ID information of the accessed equipment; the virtual KVM address of the accessed equipment is replaced with the virtual KVM mapping address; and a virtual KVM session connection between the user side and the accessed equipment is established according to the virtual KVM mapping address. The invention further discloses a device for achieving remote access.

The invention discloses multiple host network architecture and gateway device, which is used to solve the problem that the existing WiMAX network architecture generates too high ASN and G-MS resource consumption and can not support the host devices based on the 802.16 radio transmission protocol. The multi-host network architecture of the invention includes: at least two host devices, and internetworking access server ASN and connection service network CSN; the described network also includes gateway device, which is connected with all host devices via the first interface and connected with the ASN via the second interface.

The present invention provides a WiFi access method and device. The WiFi access method comprises a step of sending registration information to an access point detection platform to carry out access point registration, and receiving a registration success result which is returned after the access point detection platform verifies the registration information, wherein the registration information comprises access authentication related information and a public key, a step of receiving a connection verification request sent by a WiFi client, and generating authentication information by using a preset private key and sending the authentication information to the WiFi client, and forwarding a connection access request comprising the authentication information sent by the WiFi client to the access point detection platform, a step of receiving an authentication success result notification fed by the access point detection platform after the access point detection platform carries out legal authentication on the authentication information by using the public key in the registration information, and establishing a WiFi connection with the WiFi client. Through the embodiment of the invention, the security of the WiFi verification is improved, the data information is prevented from being tampered maliciously, the access to a fishing WiFi access point is prevented, and the secure access of WiFi is realized.

The invention discloses a physical isolation type USB port protection system and method. The protection system comprises a central processor, an upper computer connected with multiple user computers, an external memory used for storing user names and passwords and multiple relays used for controlling on-off of multiple USB ports in the user computers according to switching signals of the central processor. The upper computer is connected with the central processor through serial communication, and the control ends of the relays and the output end of the external memory are electrically connected with corresponding ports of the central processor. The protection method includes the steps that according to the user names, the central processor divides users into three levels, namely, common users, senior users and secret commissioners; the users input the user names and the passwords into the user computers, and the central processor controls login of the users according to the user names and the passwords; the central processor determines the levels of the users according to the user names and determines USB port use permission of the users. The protection method guarantees controllability of data in a computer.