
User identity filtering method and firewall

The technology, which identifies users from user identity information and is applied to user-identity-based filtering methods and to firewalls, addresses problems such as the inability to analyze user information, the lack of user information extraction and session control, and the impact on overall system performance, with the effect of preventing malicious users from accessing services.

Inactive Publication Date: 2015-01-28
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

Its disadvantage is that it has a great impact on the overall performance of the system. It must be configured one by one for every application type the client may generate, which greatly increases the complexity of system management, and it can only analyze harmful code in application-layer protocols; it cannot analyze the user information of an application.
Although some proxy firewalls let users log in to the firewall and filter based on that login information, they do not implement online user information extraction and session control on this basis.



Embodiment Construction

[0018] Neither packet filtering firewalls nor proxy service firewalls can identify users online, so they cannot implement user-based security policies based on user information and behavior. However, with the wide application of service-oriented architecture, Web 2.0 and cloud services, it is necessary to use the identity information of the corresponding application for access control and session management.

[0019] On the one hand, more and more communication is carried over fewer ports (such as ports 80 and 443) and fewer protocols (such as HTTP and HTTPS), so packet filtering firewalls based on inspecting IP and port combinations are no longer suitable and not very effective.

[0020] On the other hand, the behaviors of users using the same application are quite different. For example, some users who use cloud services frequently access a certain service in a short period of time or occupy a large amount of bandwidth, or the historical behavior of this user is not good. Providers n...


Abstract

The invention provides a user identity filtering method and a firewall. User identity information is identified in application-level data, and access control and session management are performed according to the user identity information and a behavior record. The invention allows fine-grained control of a single user's behavior and applies a corresponding security policy to each user. Malicious users can be prevented from accessing services, and under poor network conditions some users' access can be restricted.
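The filtering idea in the abstract, sketched as an added example (not code from the patent): the user identity is pulled from application-level HTTP data, and a decision is made from a per-user behavior record, a block list and the network state. The `user` cookie field, the thresholds, the fail-closed choice and the sample requests are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Assumption: the user id is carried in a "user" cookie (the page names no field).
USER_COOKIE = re.compile(rb"^Cookie:.*?\buser=([A-Za-z0-9_.-]+)", re.I | re.M)

class IdentityFilter:
    def __init__(self, max_requests=3, degraded_max=1, window=10.0):
        self.max_requests = max_requests    # per-user limit, normal network state
        self.degraded_max = degraded_max    # tighter limit, bad network state
        self.window = window                # seconds of behaviour record kept
        self.blocked = set()                # users with a bad behaviour history
        self.history = defaultdict(deque)   # behaviour record: user -> timestamps
        self.network_degraded = False

    @staticmethod
    def extract_user(payload: bytes):
        head = payload.split(b"\r\n\r\n", 1)[0]   # headers only, never the body
        m = USER_COOKIE.search(head)
        return m.group(1).decode() if m else None

    def decide(self, payload: bytes, now: float) -> str:
        user = self.extract_user(payload)
        if user is None:
            return "deny:no-identity"       # design choice here: fail closed
        if user in self.blocked:
            return "deny:blocked-user"
        times = self.history[user]
        while times and now - times[0] >= self.window:
            times.popleft()                 # drop events outside the window
        limit = self.degraded_max if self.network_degraded else self.max_requests
        if len(times) >= limit:
            return "deny:rate-limited"
        times.append(now)
        return "allow"

def request(user: str) -> bytes:            # constructed sample HTTP request
    return (b"GET /api HTTP/1.1\r\nHost: svc.example\r\n"
            b"Cookie: sid=1; user=" + user.encode() + b"\r\n\r\n")

def demo():
    fw = IdentityFilter()
    fw.blocked.add("mallory")
    out = [fw.decide(request("alice"), t) for t in (0, 1, 2, 3)]
    out += [fw.decide(request("mallory"), 3), fw.decide(request("bob"), 3)]
    fw.network_degraded = True              # simulate a bad network state
    out.append(fw.decide(request("bob"), 4))
    return out
```

A cookie is client-controlled, so a deployment would bind the extracted identity to an authenticated session before using it for policy.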

Description

Technical field

[0001] The invention relates to the fields of network security and computer security, in particular to a filtering method based on user identity and a firewall.

Background art

[0002] A firewall is a protective barrier composed of software and hardware devices and constructed on the interface between the internal network and the external network, and between the private network and the public network. It is a combination of computer hardware and software, and is a security gateway established between the Internet and the Intranet, thereby protecting the Intranet from the invasion of illegal users.

[0003] Existing firewalls can be divided into packet filtering firewalls and proxy service firewalls in terms of implementation principles and methods. Among them:

[0004] (1) Packet filtering firewall, including simple packet filtering and state inspection packet filtering, works at the network layer and transport layer, and filters data packets based on the bu...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
Inventor: 裘晓峰, 郝明阳, 赵粮, 张春红, 成城, 纪阳
Owner: BEIJING UNIV OF POSTS & TELECOMM