Access control method and device based on roles and terminal credibility

An access control and terminal credibility technology, applied in the field of information security, that addresses the problem of low security and achieves high scalability and adaptability while ensuring security.

Active Publication Date: 2019-07-26
WUHAN UNIV

AI Technical Summary

Problems solved by technology

[0007] In view of this, the present invention provides an access control method and device based on role and terminal credibility, to solve or at least partly solve the technical problem of low security in prior-art methods.



Examples


Embodiment 1

[0063] This embodiment provides an access control method based on role and terminal credibility, which is applied to the server. Referring to Figure 1, the method includes:

[0064] Step S1: Receive the access request sent by the user through the terminal, wherein the access request includes the user's identity information, and the terminal pre-builds a terminal trusted execution environment through the TPM.

[0065] Specifically, the TPM security chip is a security chip that conforms to the TPM (Trusted Platform Module) standard; it can effectively protect the PC and prevent unauthorized users from accessing it.

[0066] Step S2: Verify the user's identity information. After the verification is passed, collect the terminal's identity information, system key file measurement value information and security information through the TPM, wherein the security information includes system risk information and software update time information.

[006...

Embodiment 2

[0115] This embodiment provides an access control device based on role and terminal credibility. Referring to Figure 7, the device is a server and includes:

[0116] The access request receiving module 201 is configured to receive an access request sent by the user through the terminal, wherein the access request includes the identity information of the user, and the terminal pre-builds a terminal trusted execution environment through the TPM;

[0117] The identity verification module 202 is used to verify the user's identity information. After the verification is passed, the terminal's identity information, system key file measurement value information and security information are collected through the TPM, wherein the security information includes system risk information and software update time information;

[0118] Execution environment credibility determination module 203, configured to match the system key file metric value information collected by the terminal with ...

Embodiment 3

[0144] Based on the same inventive concept, the present application also provides a computer-readable storage medium 300. Referring to Figure 8, a computer program 311 is stored on it, and the method in Embodiment 1 is implemented when the program is executed.

[0145] Since the computer-readable storage medium introduced in Embodiment 3 of the present invention is the computer-readable storage medium used in implementing the access control method based on roles and terminal credibility of Embodiment 1 of the present invention, those skilled in the art can, based on the method introduced in Embodiment 1, understand the specific structure and variations of the computer-readable storage medium, so details are not repeated here. All computer-readable storage media used in the method of Embodiment 1 of the present invention belong to the scope of protection of the present invention.


Abstract

The invention discloses an access control method and device based on roles and terminal credibility. The access control method comprises the following steps: constructing a terminal trusted execution environment by using TPM, calculating an environment security state when a terminal is accessed, judging a terminal security level, and associating an internal network access control permission with a user role and the terminal security level, thereby realizing access control. According to the method, the security of the intranet access terminal and the security of intranet access control authority distribution can be effectively ensured, the user authority can be adjusted according to the user role and the current security level of the access terminal, and the method has the advantages of high security, convenient authorization management, capability of flexibly adjusting terminal measurement contents according to working requirements and easiness in implementation.
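The decision flow the abstract describes (check the measured environment, derive a terminal security level, then tie permissions to role and level) can be sketched as follows. This is an added example, not code from the patent: the reference digests, level thresholds and policy table are constructed assumptions, and the measurement report is assumed to have been collected and authenticated through the TPM already.

```python
import hmac
from datetime import date

# Constructed reference values for system key files (placeholder digests).
REFERENCE = {"/boot/vmlinuz": "aa" * 32, "/sbin/init": "bb" * 32}

# Assumed policy table: role -> terminal security level -> permissions.
POLICY = {
    "admin":    {3: {"read", "write", "configure"}, 2: {"read", "write"}, 1: {"read"}},
    "engineer": {3: {"read", "write"}, 2: {"read"}},
    "guest":    {3: {"read"}},
}

def environment_trusted(measurements):
    """Every reference file must be reported and match its reference digest."""
    return all(
        hmac.compare_digest(measurements.get(path, ""), ref)
        for path, ref in REFERENCE.items()
    )

def terminal_level(measurements, open_risks, last_update, today):
    """Return 0 (untrusted) to 3 (highest); the thresholds are assumptions."""
    if not environment_trusted(measurements):
        return 0  # a measurement mismatch overrides every other signal
    age_days = (today - last_update).days
    if open_risks == 0 and age_days <= 30:
        return 3
    if open_risks <= 2 and age_days <= 90:
        return 2
    return 1

def decide(role, measurements, open_risks, last_update, today):
    """Permissions granted to an already-authenticated user on this terminal."""
    level = terminal_level(measurements, open_risks, last_update, today)
    # Unknown roles and unlisted (role, level) pairs fail closed.
    return level, frozenset(POLICY.get(role, {}).get(level, ()))

if __name__ == "__main__":
    today = date(2019, 7, 26)
    good = dict(REFERENCE)
    tampered = dict(good, **{"/sbin/init": "cc" * 32})
    print(decide("admin", good, 0, date(2019, 7, 10), today))
    print(decide("admin", tampered, 0, date(2019, 7, 10), today))
```

The same role receives different permissions as the terminal's level changes, and a failed measurement match yields no permissions regardless of role.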

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to an access control method and device based on role and terminal credibility.

Background technique

[0002] The terminal is the carrier for users to access intranet resources, and it is also the main channel for intranet information leakage. At present, the operating systems commonly used by terminals are becoming larger and larger, and various security vulnerabilities are inevitable. Therefore, various security protection technologies based on the operating system (such as virus detection, Trojan horse killing, network firewall and intrusion detection, etc.) cannot solve the problem fundamentally. The credibility of the system platform (that is, the behavior of the platform is executed according to the predetermined method) depends to a large extent on the integrity of the computing platform. Therefore, to fundamentally ensure the security of the terminal's own execu...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/32
CPC: H04L9/3234, H04L63/105
Inventor: 赵波, 朱晓南, 黎佳玥, 李想, 金泽浩
Owner: WUHAN UNIV