81results about How to "Reduce the risk of being attacked" patented technology

The invention discloses an automatic WIFI accessing method and system of a device. The method comprises: a device waiting for accessing to the Internet establishes connection with a device already accessing to the Internet and sends authentication information to an authentication platform via the device already accessing to the Internet, wherein the device already accessing to the Internet is already authenticated via the authentication platform and already logs in a home gateway; the authentication platform authenticates the authentication information of the device already accessing to the Internet; when the authentication platform succeeds in authenticating the authentication information of the device already accessing to the Internet, the device already accessing to the Internet sends a service set identification (SSID) and a key of the home gateway to the device waiting for accessing to the Internet; and the device waiting for accessing to the Internet logs in the home gateway according to the received SSID and key of the home gateway and then accesses to the Internet. The automatic WIFI accessing method and system of the device are capable of reducing the risk that an intelligent device is attacked in the process of automatically accessing to the Internet, and reducing user intervention.

The invention discloses a network access authority management method and device, computing equipment and a computer storage medium, and the method comprises the steps: receiving a user login request transmitted by a terminal; authenticating the user login request, and if the authentication is successful, determining a user attribute corresponding to a user ID according to associated data stored ina database; determining an access control list corresponding to the user ID according to the user attribute; and managing the network access authority of the terminal according to the access controllist and a mapping relationship table among the user ID, a terminal IP and a terminal identifier. According to the technical scheme of the invention, fine-grained network access authority management is realized, the network access authority of the terminal can be conveniently managed according to the access control list and the mapping relation table, diversified authority management requirementsare well met, network attack resistance is facilitated, and the risk that a resource server is attacked is reduced.

The invention discloses an application-based service security system and method. In the system, a target terminal is used for acquiring a request message and a session token, encrypting the request message and the session token according to a first random key and a first preset encryption rule to obtain message token encrypted data, and sending the message token encrypted data to a merchant server; a merchant server is used for carrying out signature processing on the message token encrypted data, obtaining message token signature data and feeding back the message token signature data to the target terminal; a target terminal is also used for encrypting the message token signature data again according to the second random key to obtain target signature data and sending the target signature data to the user server; and a user server is used for verifying the target signature data, and executing the corresponding business service according to the target signature data if the verification is passed. Based on the information security, the data interaction security is improved by encrypting the message, authenticating the identity and signing the data.

The invention discloses a key negotiation method and an electronic device, and relates to the technical field of communication. Specifically, the method comprises the following steps: an IoT control device multicasting a discovery message carrying a first public key in a first local area network, and sending a second ciphertext to a first IoT device after receiving a first ciphertext and a secondpublic key; after receiving the third ciphertext from the first IoT device, the IoT control device decrypting the third ciphertext according to the first session key to obtain a second signature and second session information; verifying the second signature based on the long-acting public key of the first IoT device; and after the second signature is successfully verified, performing encrypted communication with the first IoT device based on the first session key. According to the technical scheme, the IoT control device carries the first public key in the discovery message, so that the STS negotiation process is fused into the discovery process, the number of times of message interaction between the IoT device and the IoT control device is reduced, and the efficiency of obtaining the session key is improved.

The embodiment of the invention discloses an intelligent equipment management system based on an Internet of Things edge computing server. The intelligent equipment management system comprises a sensing layer, a network layer, a bearing layer, a platform layer and an application layer; the sensing layer is in communication connection with the bearing layer through the network layer; the bearing layer comprises an edge computing server; the platform layer comprises an intelligent equipment management module; wherein the edge computing server is directly connected with the intelligent device management module through a multicast technology or through a private cloud, the application layer is a web browser or a mini program, the application layer is in network connection with the intelligentdevice management module, and a user performs interaction and management on an intelligent device through the application layer. The problem that existing enterprise operation data cannot be privatized and locally deployed is solved.

The invention relates to an identity authentication method and device based on a password technology, computer equipment and a storage medium. The method comprises the following steps: performing facedetection on a to-be-detected object to obtain a face detection result, and generating a random display code sequence according to the face detection result; extracting lip action features of the to-be-detected object, and performing feature analysis on the lip action features by utilizing the lip language recognition model to obtain a lip action feature display code; extracting interpretation audios of the to-be-detected object, converting the interpretation audios into voice text display codes, comparing the lip action feature display codes and the voice text display codes with the random display code sequence, and performing living body detection on the to-be-detected object when the lip action feature display codes and the voice text display codes conform to the random display code sequence; when living body detection is passed, comparing the face image file of the to-be-detected object with the face detection result to obtain an identity authentication result. According to the method, face, lip language and voice recognition is combined, and the reliability and safety of identity authentication are enhanced.

The invention discloses a file uploading device based on asynchronous javascript and xml (Ajax) technology, which comprises the processes that a user terminal is used for confirming a file needing unloading which is transmitted to a server through the user terminal in Ajax asynchronous communication mode, the server receives confirmed writing-in instruction transmitted by the user terminal and writes the file needing unloading stored in a buffer zone into a storage unit, and then the file needing unloading stored in the server is deleted.

The invention relates to a method and device for realizing network security communication, and equipment. The method comprises the steps: receiving a service access request which comprises the identification of a service access side, the network information of the service access side, the service access information and the session information; performing first authentication on the service accessrequest based on the network information of the service access party; when the first authentication succeeds, determining a service access party encryption algorithm corresponding to the service access party based on the identifier of the service access party; performing second authentication on the service access request based on the service access party encryption algorithm, the service access information and the session information; and when the second authentication succeeds, obtaining corresponding service data based on the service access request, and returning the service data to the service access party. According to the invention, the security of the system and background data can be improved, and the risk that the service system is attacked is reduced.

The invention provides a distributed software distribution method, comprising the following steps: a server issues software distribution commands to all clients, wherein the software distribution commands contain random time; after reaching the random time, the client requests a distribution node from the server; the client of which the random time is 0 directly downloads the software from the server, opens a download port after completing the download, and registers as the distribution node to the server; if the request for the distribution node succeeds, the client can download the required software from the distribution node; if the request for the distribution node fails or times out, the client will download the software from the server; and the server sends the distribution node to the client after receiving the register of the distribution node. According to the distributed software distribution method provided by the invention, the client in the network is fully used to ensure that the load of the backbone network and the primary server can be reduced, and the distribution speed and efficiency can be increased; and meanwhile, as the opening time of the distribution node is limited, the attack risk of terminals can be reduced.

The invention discloses a method and system for achieving the secret key generation and protection through cloud and terminal three-power separation, and belongs to the technical field of information safety. The invention aims at solving a technical problem that how to improve the safety of a secret key of a user. The employed technical scheme is that the method comprises the steps: enabling a mobile terminal, an SaaS service side and a third password service side to jointly form a secret key SM2; enabling the mobile terminal, the SaaS service side and the third password service side to respectively store the respective secret key segments; enabling the mobile terminal, the SaaS service side and the third password service side to respectively calculate the data according to the secret key segments after a user completes the certification at the mobile terminal, carrying out the secondary calculation of a calculation result, and forming a final result. The system comprises the mobile terminal, the SaaS service side, the third password service side and a cloud password machine.

The invention discloses a network forwarding keyboard and mouse code processing method, device and system, and the method comprises the steps: enabling a control end to receive an operation instruction when the control end needs to control a controlled end, selecting the control end and the controlled end which need to be controlled, and obtaining keyboard and mouse event data; enabling the control end to encode the acquired keyboard and mouse event data into a network data packet, and sending the network data packet to a board card connected with the controlled end and used as transfer equipment through a network; receiving the network data packet by a board card which is connected with the controlled end and serves as transfer equipment, decoding and restoring the network data packet into a keyboard and mouse event code, and sending the keyboard and mouse event code to a host of the controlled end; and enabling the host of the controlled end to receive the converted standard keyboardand mouse event code, and executing corresponding control operation according to the standard keyboard and mouse event code. The USB keyboard and the mouse are forwarded through the network, the standard keyboard and the standard mouse can operate different computers and be controlled by the different computers through the network, safety is improved, and convenience is brought to use of a user.

The invention discloses computing equipment and an equipment communication method. The method comprises the steps: receiving first data transmitted by second computing equipment at a network side; analyzing the communication structure of the first data, transmitting second data, corresponding to the first data, of a communication structure to the second computing equipment if the communication structure of the first data is not a first communication structure, wherein the second data is used for indicating the second computing equipment to transmit the data of the first communication structure. Through a reverse authentication mechanism, the method achieves the 'first verification, second connection' network access management, avoids the attack risks caused by the first connection, and guarantees the network safety and equipment safety of a private network. Moreover, the method employs a no-response strategy, reduces the attack risks, and further guarantees the network safety and equipment safety of the private network.

The embodiment of the invention relates to a service request message data processing method and device. The method comprises the following steps: acquiring first service request message data; performing request permission verification processing on the first service request message data; if verification succeeds, disassembling the first service request message data according to a request message data format of a hypertext transfer protocol to generate corresponding first request path data and a first parameter data set; querying a first corresponding relation table according to the first request path data, and generating corresponding first host address data and second request path data; and splicing and generating second service request message data according to a hypertext transfer protocol, and sending the second service request message data to a first server corresponding to the first host address data. The service with the function of method is deployed at the interface position of the application system and the public network, so that the attack risk can be reduced, and the software and hardware overhead of the sub-service for processing the service request can be reduced.

The invention discloses a table element linkage method which comprises the following steps: acquiring configuration information pre-stored by a server on an operation page, and generating a target table based on the configuration information and a template component corresponding to the configuration information; if an editing event based on the target table is detected, determining an editing item corresponding to the editing event, and querying whether the editing item has an associated item or not based on the configuration information; and if so, executing a linkage operation on the associated item. The invention further discloses a table element linkage device and equipment and a computer readable storage medium. According to the method, the configuration information indicating the linkage relationship is transmitted to the server side for storage in the preset standard format, coding is not needed, the risk that codes are attacked is reduced, the target table is rapidly generated through the template assembly, and the target table is more flexible and easy to maintain.

The invention discloses an unmanned aerial vehicle GNSS deception detection method based on a flight path, and mainly solves problems that an attack risk is increased due to the change of a task flight path and the interference is easily caused due to the dependence on a sensor in the prior art. According to the scheme, a guidance position is calculated by means of an expected course angle obtained by a guidance system and a flight speed and a navigation position obtained by a navigation system; a navigation track and a guidance track are obtained according to the two positions; whether the distance deviation between the navigation position and the guidance position is continuously larger than a threshold value or not is judged, whether the average value of the distance deviation between the two tracks is larger than the threshold value or not is judged, and whether the distance deviation between the two track end points is larger than the threshold value or not is judged, if so, the unmanned aerial vehicle is determined to be subjected to spoofing attack, and the unmanned aerial vehicle does not use GNSS data any more and finishes detection; otherwise,the data is continuously used to realize cyclic detection of the unmanned aerial vehicle. According to the invention, the risk that the unmanned aerial vehicle is subjected to spoofing attacks is reduced, the safety of an unmanned aerial vehicle system is enhanced, and the method can be used for detecting external attacks of the unmanned aerial vehicle system.

The embodiment of the invention provides a data transmission method and device. The data transmission method comprises the steps of generating a PDCP data packet by performing integrity protection onto-be-sent data, wherein the PDCP data packet comprises identification information and integrity protection information, and the identification information is at least used for indicating that integrity protection is carried out on data carried in the PDCP data packet, and the integrity protection information is used for carrying out integrity verification on the data carried in the PDCP data packet; and sending the PDCP data packet. According to the data transmission method provided by the embodiment of the invention, integrity protection is performed on the data carried in the PDCP data packet, and indication is performed through the identification information, so that the security of data transmission is improved.

The invention discloses a trusted cloud task scheduling system, comprising a cloud cluster, a control system, a cloud database and a blockchain network. On the basis of a cloud cluster architecture, the system combines a blockchain network technology and uses the blockchain network to record hashes of cloud task scheduling information; the system can combine cloud scheduling with the blockchain technology, and increases an audit function; and the system can record the scheduling condition of cloud tasks within a cloud platform, provide trusted data information and reduce the risk of being attacked.

The invention discloses a traceable access control method based on double block chains, and the method comprises the steps: generating a decryption key, storing a file, storing an access control strategy, carrying out access authorization, carrying out user access, carrying out file decryption, and enabling an initial user to provide own attribute information for registration, thereby obtaining the decryption key; the uploaded file is encrypted and then stored in the IPFS, an intelligent access strategy of attributes is set according to the file, and the file can be accessed only when the intelligent strategy is met; and the accessed file also needs to be decrypted by a decryption key during registration, and when the file is tampered, the access process is checked to search for illegal users, so that more accurate equipment traceability is achieved. According to the method, the unpaired CP-ABE algorithm is adopted to encrypt the uploaded file, and the simple scalar multiplication in the elliptic curve encryption is utilized to replace bilinear pairing, so that the file encryption efficiency is improved; the IPFS is used for storing file data, the risk that a database is attacked is reduced, and the files are prevented from being lost and tampered.