Network security management method and server

A network security management method and server, in the field of network security technology, that address problems such as threats to the data security of big data systems and achieve the effect of improving security.

Active Publication Date: 2020-08-25
LENOVO (BEIJING) LTD

AI Technical Summary

Problems solved by technology

However, once the configuration file is read by an unauthorized user, that user can log in to the database directly and modify the permission processing file stored in it, thereby threatening the data security of the entire big data system by accessing the permission management module.

Examples

Embodiment 1

[0051] This embodiment provides a method for network security management. Specifically, the method is applied to a big data cluster containing multiple principals (subjects), which may be servers and which can communicate with each other. When the current cluster management platform manages the authority of each subject, it mainly stores the subject's authority processing file in the database. When any subject wants to use the authority processing file to operate, the authority processing file must be verified. That is, when the server detects that a subject uses the authority processing file to send a request, it obtains the authority processing file and sends it to the trusted encryption hardware module, which performs a decryption operation: if the authority processing file can be decrypted, the subject has the request authority, and the server responds to the subject's request. Since the trusted encryption hardware modul...

Embodiment 2

[0065] Based on the method described in Embodiment 1, this embodiment provides several specific ways to verify the subject.

[0066] Mode 1: Before the server invokes the trusted encryption hardware module to decrypt the authority processing file, it also needs to perform identity verification on the request to determine whether the request is legal. A first judgment result is obtained according to the identity authentication information of the request; when the first judgment result shows that the request has legal identity authentication information, the trusted encryption hardware module decrypts the authority processing file. For example, in one application scenario the request has timed out, and the server may not respond to the timed-out request.

[0067] Mode 2: After judging that the request is legal, the server also needs to judge whether the request has access rights, that is to say, verify the access rights of the request and obtain a second jud...
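
An added example (not from the patent or its owner) of the order of checks that Embodiments 1 and 2 describe: identity verification first, then access rights, then decryption of the authority processing file by the module. The SoftwareModule class, the HMAC-based identity information, the ACL table and every field name are assumptions made for illustration; a real deployment would call the hardware module's own interface.

```python
import hashlib, hmac, os

class SoftwareModule:
    """Stand-in for the trusted cryptographic hardware module (assumption).
    Keys exist only inside this object, never in a database config file.
    Demo construction (HMAC keystream + MAC), not a production cipher."""
    def __init__(self):
        self._enc, self._mac = os.urandom(32), os.urandom(32)

    def _xor(self, nonce, data):
        blocks = (hmac.new(self._enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

    def seal(self, plain):
        nonce = os.urandom(16)
        body = nonce + self._xor(nonce, plain)
        return body + hmac.new(self._mac, body, hashlib.sha256).digest()

    def decrypt(self, blob):
        body, tag = blob[:-32], blob[-32:]
        good = hmac.new(self._mac, body, hashlib.sha256).digest()
        if len(body) < 16 or not hmac.compare_digest(tag, good):
            return None  # file cannot be decrypted: no request authority
        return self._xor(body[:16], body[16:])

def sign(secret, subject, ts):
    """Constructed identity authentication information for a request."""
    return hmac.new(secret, f"{subject}|{ts}".encode(), hashlib.sha256).digest()

def handle(module, secrets, acl, req, now, max_age=30):
    """Checks in the order of Embodiments 1 and 2; returns (status, plaintext)."""
    secret = secrets.get(req["subject"])
    # Mode 1: identity authentication; a timed-out request is not answered.
    if secret is None or now - req["ts"] > max_age or not hmac.compare_digest(
            req["auth"], sign(secret, req["subject"], req["ts"])):
        return "rejected: identity", None
    # Mode 2: access rights of the request (the ACL lookup is an assumption).
    if req["action"] not in acl.get(req["subject"], ()):
        return "rejected: access", None
    # Embodiment 1: only the module can decrypt the authority processing file.
    plain = module.decrypt(req["file"])
    if plain is None:
        return "rejected: file", None
    return "ok", plain
```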

Embodiment 3

[0072] This embodiment provides a method for network security management. Specifically, the method is applied to a big data cluster containing multiple principals (subjects), which may be servers and which can communicate with each other. When the current cluster management platform manages the authority of each subject, it mainly stores the subject's authority processing file in the database. When any subject wants to use the authority processing file to operate, the authority processing file must be verified. That is, when the server detects that a subject uses the authority processing file to send a request, it obtains the authority processing file and sends it to the trusted encryption hardware module, which performs a decryption operation: if the authority processing file can be decrypted, the subject has the request authority, and the server responds to the subject's request. Correspondingly, for the subject side, befo...

Abstract

The invention discloses a network security management method and a server. The method comprises the following steps: when detecting that a subject uses an authority processing file to send a request, acquiring the authority processing file; transmitting the authority processing file to a trusted cryptographic hardware module; enabling the trusted cryptographic hardware module to decrypt the authority processing file; and using the decrypted authority processing file to respond to the request of the subject. The technical scheme of the embodiment of the invention uses the trusted cryptographic hardware module to decrypt the authority processing file, so that the subject's authority is verified whenever it calls the authority processing file, thereby improving network security.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a network security management method and a server.

Background

[0002] At present, common big data systems generally use a user authority management module to manage user authority. For security control of permissions by the permission management module, the security mechanism of the database itself is generally relied on; for example, a user name and password are used to log in to the database for security verification. Usually, the user name and password of the database in the authority management module are saved in the database configuration file in plain text. However, once the configuration file is read by an unauthorized user, that user can log in to the database directly and modify the permission processing file stored in it, thereby threatening the data security of the entire big data system by accessing...

Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPC H04L63/0853, H04L63/10
Inventor 张奇伟
Owner LENOVO (BEIJING) LTD