Unlock instant, AI-driven research and patent intelligence for your innovation.

Cloud application access control method and system

An access control and cloud application technology, applied in the field of communication security, can solve problems such as unauthorized access, exception, sensitive information leakage access, etc., and achieve the effect of avoiding information leakage

Active Publication Date: 2019-10-01
BEIJING VENUS INFORMATION SECURITY TECH +1
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of this, the present invention provides a cloud application access control method and system to solve the problem of sensitive information leakage, abnormal access, and unauthorized access when users access applications on the cloud.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cloud application access control method and system
  • Cloud application access control method and system
  • Cloud application access control method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] Embodiment 1 of the present invention discloses a cloud application access control method, which is applied to a cloud application access control system, and the flow chart of the method is as follows figure 1 shown, including the following steps:

[0038] S101. When the authentication server receives a SAML request carrying a cloud application address, determine whether there is a cloud application address in the preloaded cloud application mapping table, wherein the cloud application mapping table includes at least one preset cloud application address and its corresponding Default cloud application identification;

[0039] In the process of executing step S101, for example, when the SAML request received by the authentication server contains the address "https: / / www.baidu.com / " of the cloud application "Baidu", search the pre-stored cloud application mapping table Whether this address exists in , where the SAML request can be generated by the Baidu server, that is, w...

Embodiment 2

[0048] Based on the cloud application access control method disclosed in the first embodiment of the present invention, the second embodiment also discloses a cloud application access control method, the method flow chart is as follows figure 2 shown, including the following steps:

[0049] S201. The management server constructs a cloud application mapping table in advance, and sends loading notifications to the authentication server and the proxy server respectively, so that the authentication server and the proxy server respectively load the cloud application mapping table according to the loading notifications;

[0050] S101. When the authentication server receives a SAML request carrying a cloud application address, determine whether there is a cloud application address in the preloaded cloud application mapping table, wherein the cloud application mapping table includes at least one preset cloud application address and its corresponding Default cloud application identifi...

Embodiment 3

[0056] Based on the cloud application access control method disclosed in Embodiment 2 of the present invention, such as figure 2 In the shown step S201, the specific execution process of the management server pre-constructing the cloud application mapping table is as follows: image 3 shown, including the following steps:

[0057] S301. The management server determines whether a domain name resolution server exists in the current network environment;

[0058] S302. When there is no domain name resolution server, randomly generate a cloud application identifier in the form of a port for each preset cloud application address received, and the port is a proxy server port;

[0059] In the process of executing step S302, when there is no domain name resolution server in the current network environment, a cloud application identifier is generated for each preset cloud application address by opening different ports on the proxy server, for example, Baidu address "https: / / www.baid...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a cloud application access control method and system. The method comprises the following steps that an authentication server judges whether a cloud application address exists in a pre-loaded cloud application mapping table when the authentication server receives an SAML request carrying the cloud application address, wherein the cloud application mapping table includes at least one preset cloud application address and a corresponding preset cloud application identifier thereof; when the authentication server judges that the cloud application address exists in the cloud application mapping table, the authentication server obtains the cloud application identifier corresponding to the cloud application address from the cloud application mapping table, generates an SAML response carrying the cloud application identifier and sends the SAML response to a proxy server corresponding to the cloud application address; and the proxy server obtains the cloud application address corresponding to the cloud application identifier from the pre-loaded cloud application mapping table and sends the SAML response to the cloud application address in order to realize access to a cloud application corresponding to the cloud application address. According to the method disclosed by the invention, full flow monitoring of the proxy server for at least one cloud application is realized.

Description

technical field [0001] The present invention relates to the technical field of communication security, and more specifically, to a cloud application access control method and system. Background technique [0002] Cloud computing is a dynamic, scalable, and virtualized resource computing method, usually provided by the Internet, so users do not need to understand the details of the cloud. [0003] Cloud applications mainly adopt application service hosting in the cloud computing environment. In the process of users accessing applications on the cloud, there may be problems of sensitive information leakage, abnormal access, and unauthorized access. [0004] In view of this, how to perform full flow control on multiple cloud applications is an urgent problem to be solved by those skilled in the art. Contents of the invention [0005] In view of this, the present invention provides a cloud application access control method and system to solve the problem of sensitive informa...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 张爱武张如辉郭春梅
Owner BEIJING VENUS INFORMATION SECURITY TECH