
Method for implementing distributed security policy, client terminal and communication system thereof

A security-policy implementation method, applied in transmission systems, network connections, electrical components, etc., that addresses access control failure caused by easy tampering by others, and achieves the effects of reducing burden, flexible access control, and ensured security.

Active Publication Date: 2012-04-25
CHENGDU HUAWEI TECH

AI Technical Summary

Problems solved by technology

[0008] In the existing technology, because the ACL delivered to the client is held directly in memory, it is easily tampered with by others, resulting in failure of access control.


Examples


Embodiment 1

[0040] This embodiment describes a method for implementing a distributed security policy, by which the integrity, confidentiality, and security of the client-side access control list can be ensured when access control is processed in a distributed manner. A detailed description is given below with reference to the drawings.

[0041] See Figure 1. The method of this embodiment may include the following steps:

[0042] Step 101: After passing the authentication, obtain an access control list corresponding to the user;

[0043] Before step 101, the method may also include:

[0044] Initiate a secure socket layer connection request to the gateway;

[0045] After the secure socket layer connection is established, send an authentication request to the gateway;

[0046] If the gateway is authenticated, step 101 is executed.

[0047] Step 102: Compute a keyed hash (HMAC) over the access control list, and store the calculated value obtained by the calculation;

[0048] The HMAC c...

Embodiment 2

[0070] This embodiment describes a method for implementing a distributed security policy, by which the integrity, confidentiality, and security of the client-side access control list can be ensured when access control is processed in a distributed manner. A detailed description is given below with reference to the drawings.

[0071] See Figure 2. The method of this embodiment may include the following steps:

[0072] Step 201: The client establishes an SSL connection with the gateway;

[0073] The client may establish an SSL connection with the gateway by sending an SSL connection establishment request message to the gateway.

[0074] Step 202: The client initiates a user authentication request to the gateway;

[0075] If the client wants to access the security gateway, it first needs to perform user authentication. The client may send a user authentication request message to the gateway, so that the gateway can authenticate the user according to the user authentication r...


Abstract

The embodiment of the invention discloses a method for implementing a distributed security policy, a client, and a communication system. The method comprises: obtaining the access control list corresponding to a user after authentication; computing a keyed hash over the access control list and storing the calculated value; computing the actual hash value when the client accesses a resource; comparing the actual hash value with the stored calculated value; and, when the actual hash value is identical to the stored calculated value, allowing the user to access the resource corresponding to the actual hash value. The invention distributes the processing of access control, relieves the load on the gateway, and enciphers the access control list, thereby guaranteeing the security and flexibility of access control.
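The store-then-compare check described in the abstract, as an added Python example (not code from the patent). It assumes HMAC-SHA256, a JSON serialization of the ACL, and a key delivered by the gateway over the SSL session; the names `canonical`, `acl_tag`, `ClientAcl` and `demo` and the sample addresses are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def canonical(acl):
    """Serialize the ACL deterministically so equal ACLs give equal bytes."""
    entries = sorted(acl, key=lambda e: (e["resource"], e["action"]))
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def acl_tag(key, user, acl):
    """HMAC-SHA256 over the length-prefixed user name and the canonical ACL."""
    name = user.encode()
    msg = len(name).to_bytes(4, "big") + name + canonical(acl)
    return hmac.new(key, msg, hashlib.sha256).digest()


class ClientAcl:
    """Client-side ACL whose stored HMAC value is re-checked on every access."""

    def __init__(self, key, user, acl):
        # Assumption: the key arrives over the SSL session and is held
        # outside the memory region that stores the ACL itself.
        self._key, self.user, self.acl = key, user, acl
        self.stored_tag = acl_tag(key, user, acl)  # computed once after login

    def is_allowed(self, resource, action):
        actual = acl_tag(self._key, self.user, self.acl)  # value at access time
        if not hmac.compare_digest(actual, self.stored_tag):
            return False  # ACL changed since login: fail closed
        return any(e["resource"] == resource and e["action"] == action
                   for e in self.acl)


def demo():
    """Constructed sample data: one user, two permitted intranet resources."""
    acl = [{"resource": "10.0.0.5:443", "action": "connect"},
           {"resource": "10.0.0.7:80", "action": "connect"}]
    client = ClientAcl(secrets.token_bytes(32), "alice", acl)
    before = (client.is_allowed("10.0.0.5:443", "connect"),
              client.is_allowed("10.0.0.9:22", "connect"))
    # Simulate tampering with the in-memory list after the value was stored.
    client.acl.append({"resource": "10.0.0.9:22", "action": "connect"})
    after = (client.is_allowed("10.0.0.9:22", "connect"),
             client.is_allowed("10.0.0.5:443", "connect"))
    return before, after
```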

Description

Technical field

[0001] The present invention relates to the field of communication technology, in particular to a method for implementing a distributed security policy, a client, and a communication system.

Background

[0002] With the increasing popularity of Internet applications, hackers and viruses are pervasive, exposing network information systems to unprecedented threats.

[0003] In the process of informatization, on the one hand, enterprises need to expand the access areas of their intranet application service resources and data resources to meet the increasing demand for remote access. On the other hand, they also need to ensure the security of the intranet and of access to it, preventing hackers and viruses from attacking the company's internal network and ensuring that the transmitted information is not monitored, stolen or tampered with. How to ensure that users securely access important information resources remotely is an important topic. The Virtual...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06, H04L12/66
Inventor: 颜慧斌, 徐蒙, 孙宏, 陈爱平
Owner: CHENGDU HUAWEI TECH