Method for implementing distributed security policy, client terminal and communication system thereof

A security policy implementation technology, applied in transmission systems, network connections, electrical components, etc. It can solve problems such as being easily tampered with by others and access control failure, and achieves flexible access control, a lighter burden, and ensured security.

Active Publication Date: 2009-05-13
CHENGDU HUAWEI TECH

AI Technical Summary

Problems solved by technology

[0008] In the existing technology, the ACL delivered to the client is held directly in memory, so it is easily tampered with by others, resulting in failure of access control.


Examples


Embodiment 1

[0040] This embodiment describes a method for implementing a distributed security policy. Through this method, the integrity, confidentiality, and security of the access control list at the client side can be ensured when access control is processed in a distributed manner. A detailed description will be given below in conjunction with the accompanying drawings.

[0041] Referring to Figure 1, the method of this embodiment may include the following steps:

[0042] Step 101: After passing the authentication, obtain the access control list corresponding to the user;

[0043] Before step 101, it may also include:

[0044] Initiate a request to establish a secure socket layer connection to the gateway;

[0045] After establishing the secure socket layer request, sending an authentication request to the gateway;

[0046] If the gateway passes the authentication, go to step 101.

[0047] Step 102: Calculate the access control list through a keyed hash algorithm (HMAC), and store the ca...

Embodiment 2

[0070] This embodiment describes a method for implementing a distributed security policy. Through this method, the integrity, confidentiality, and security of the access control list at the client side can be ensured when access control is processed in a distributed manner. A detailed description will be given below in conjunction with the accompanying drawings.

[0071] Referring to Figure 2, the method of this embodiment may include the following steps:

[0072] Step 201: the client establishes an SSL connection with the gateway;

[0073] The client can establish an SSL connection with the gateway by sending an SSL connection establishment request message to the gateway.

[0074] Step 202: the client initiates a user authentication request to the gateway;

[0075] If the client wants to access the security gateway, it first needs to perform user authentication. The client can send a user authentication request message to the gateway, so that the gateway can authenticate the user...


Abstract

The embodiment of the invention discloses a method for implementing a distributed security policy, a client and a communication system. The method comprises: acquiring the access control list corresponding to a user after authentication; computing a value over the access control list with a keyed hash algorithm and storing the computed value; computing the actual hash value when the client accesses a resource; comparing the actual hash value with the stored computed value; and, when the actual hash value is identical to the stored computed value, allowing the user to access the resource corresponding to the actual hash value. The invention implements distributed processing of access control, relieves the load on the gateway, and encrypts the access control list, thereby guaranteeing the security and flexibility of access control.
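The store-then-recompute check described in the abstract can be sketched as follows. This is an added example, not code from the patent: the ACL entry format, the use of HMAC-SHA256 over the whole list, the `ClientPolicy` class and the way the key is obtained are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


def acl_tag(key: bytes, acl: list[dict]) -> bytes:
    """HMAC-SHA256 over a canonical JSON encoding of the ACL (assumed format)."""
    canonical = json.dumps(acl, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).digest()


class ClientPolicy:
    """Hypothetical client-side holder: the ACL plus the HMAC stored on receipt."""

    def __init__(self, key: bytes, acl: list[dict]):
        self._key = key                    # assumption: per-session key held apart from the ACL
        self.acl = acl                     # in-memory list, the thing that may be altered
        self._stored = acl_tag(key, acl)   # value computed and stored after authentication

    def allow(self, resource: str, action: str) -> bool:
        # Recompute the actual hash at access time; compare in constant time.
        actual = acl_tag(self._key, self.acl)
        if not hmac.compare_digest(actual, self._stored):
            return False                   # ACL differs from what was delivered: deny all
        return any(e["resource"] == resource and action in e["actions"]
                   for e in self.acl)


def demo() -> dict:
    key = secrets.token_bytes(32)          # constructed key for the demonstration
    acl = [                                # constructed sample ACL
        {"resource": "https://intranet.example/mail", "actions": ["GET"]},
        {"resource": "https://intranet.example/wiki", "actions": ["GET", "POST"]},
    ]
    policy = ClientPolicy(key, acl)
    before = policy.allow("https://intranet.example/wiki", "POST")
    unlisted = policy.allow("https://intranet.example/hr", "GET")
    # Simulate the failure mode from [0008]: the in-memory list gains an entry.
    policy.acl.append({"resource": "https://intranet.example/hr", "actions": ["GET"]})
    return {
        "before": before,
        "unlisted": unlisted,
        "after_hr": policy.allow("https://intranet.example/hr", "GET"),
        "after_wiki": policy.allow("https://intranet.example/wiki", "POST"),
    }


if __name__ == "__main__":
    print(demo())
```

The check only holds while the key and the stored value are harder to reach than the list itself; a process that can rewrite the ACL and also read the key can produce a matching value.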

Description

Technical field

[0001] The invention relates to the technical field of communication, in particular to a method for implementing a distributed security policy, a client and a communication system.

Background

[0002] With the increasing popularity of Internet applications, hackers and viruses are pervasive, exposing network information systems to unprecedented threats.

[0003] In the process of informatization, on the one hand, enterprises need to expand the access areas of their intranet application service resources and data resources to meet more and more remote access needs; on the other hand, they also need to ensure the security of the intranet and of access to it against intrusion, prevent the internal network of the enterprise from being attacked by hackers and viruses, and ensure that the transmitted information will not be monitored, stolen or tampered with. How to ensure that users remotely access important information resources safely is an important issue. ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/66
Inventor: 颜慧斌, 徐蒙, 孙宏, 陈爱平
Owner: CHENGDU HUAWEI TECH