Single packet authorization method and system

An authorization system and authorization request technique, applied in the field of information security, that addresses the problems of ever-changing attack methods that are hard to prevent and of service unavailability, and that solves gateway port exposure and avoids network attacks.

Active Publication Date: 2020-10-13
SHENZHEN LEAGSOFT TECH

AI Technical Summary

Problems solved by technology

However, the server faces a large number of network attacks every day, and the attack methods change constantly, making them impossible to prevent.
Once the server is compromised and the service is unavailable, users are seriously affected.
Although gateways and firewalls play a certain role in protecting the server, as long as the server provides services, certain ports must be opened, and once the ports are opened, attackers have an opportunity.

Examples

Embodiment 1

[0037] A single packet authorization method (see Figure 1), including the following steps:

[0038] S1: When the controller detects the first single packet authorization request from the client, it authenticates the first single packet authorization request; when the authentication passes, it releases the first service channel from the client to the controller so that the client can access the controller;

[0039] Specifically, when the controller releases the first service channel with the client, the client can access services on the controller through the first service channel.

[0040] S2: When the gateway server detects the second single packet authorization request from the controller, it parses the second single packet authorization request; when the parsing succeeds, it releases the second service channel from the controller to the gateway server;

[0041] Specifically, both the first single packet authorization request and the second single packet authorization request are S...

Embodiment 2

[0060] On the basis of the above-mentioned embodiments, this embodiment provides the first login process and the non-first login process of the client.

[0061] See Figure 2. The dotted box in Figure 2 indicates that the controller and the gateway server can be deployed together or separately. A controller can correspond to multiple gateway servers.

[0062] Step 1 is the controller's verification of the SPA packet. After SPA authentication passes, if the SPA packet contains a user name and password, go to step 2. If there is no password, obtain the device ID from the SPA packet and verify the legitimacy of the device ID. If it is legitimate, the controller releases the service that the client needs to access and executes step 3.

[0063] Step 2 is the identity authentication process. After obtaining the user name and password from the SPA packet, call the authentication interface of the authentication module to perform identity authenti...

Embodiment 3

[0072] A single packet authorization system (see Figure 3), including:

[0073] client;

[0074] Controller: used to authenticate the first single packet authorization request when it detects the first single packet authorization request from the client; when the authentication passes, it releases the first service channel from the client to the controller so that the client can access the controller; the controller is also used to send the user policy to the gateway server through the second service channel;

[0075] Gateway server: used to parse the second single packet authorization request when it detects the second single packet authorization request from the controller; when the parsing succeeds, it releases the second service channel from the controller to the gateway server; the gateway server is also used to release the third service channel from the corresponding client to the gateway server when the user policy is received, so that the client can access the gateway s...
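The channel ordering described in Embodiments 1 and 3, as an added illustration that is not code from the patent: each node is default-deny and releases a channel only after a valid SPA packet, and the gateway accepts the user policy only over the already released second channel. The page does not specify the SPA packet format, so the JSON-plus-HMAC-SHA256 layout, the pre-shared keys, the timestamp and nonce replay check, and all names (`SpaListener`, `Gateway`, `dev-42`) are assumptions.

```python
import hashlib, hmac, json

MAX_SKEW = 30  # seconds an SPA packet stays valid (assumed value)

def make_spa(key, sender, now, nonce):
    # Constructed packet format: JSON body followed by a 32-byte HMAC-SHA256 tag.
    body = json.dumps({"sender": sender, "ts": now, "nonce": nonce}).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

class SpaListener:
    def __init__(self, keys):
        self.keys = keys    # sender id -> pre-shared key (assumed provisioning)
        self.seen = set()   # nonces already accepted, to reject replays
        self.open = set()   # peers whose service channel has been released

    def on_spa(self, packet, now):
        body, tag = packet[:-32], packet[-32:]
        try:
            msg = json.loads(body)
            key, ts, nonce = self.keys[msg["sender"]], int(msg["ts"]), str(msg["nonce"])
        except (ValueError, KeyError, TypeError):
            return False    # malformed or unknown sender: drop without replying
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return False    # tag does not match the sender's key
        if abs(now - ts) > MAX_SKEW or nonce in self.seen:
            return False    # stale or replayed packet
        self.seen.add(nonce)
        self.open.add(msg["sender"])
        return True

class Gateway(SpaListener):
    def on_policy(self, source, policy):
        if source not in self.open:        # second channel not released yet
            return False
        self.open.add(policy["client"])    # third channel: client -> gateway
        return True

def run_flow(now=1000):
    ck, gk = b"constructed-client-key", b"constructed-controller-key"
    controller, gateway = SpaListener({"dev-42": ck}), Gateway({"controller": gk})
    pkt1, policy = make_spa(ck, "dev-42", now, "n1"), {"client": "dev-42"}
    return {
        "s1": controller.on_spa(pkt1, now),                   # first channel
        "replay": controller.on_spa(pkt1, now + 1),
        "early_policy": gateway.on_policy("controller", policy),
        "forged": gateway.on_spa(make_spa(b"wrong", "controller", now, "n2"), now),
        "s2": gateway.on_spa(make_spa(gk, "controller", now, "n3"), now),  # second
        "policy": gateway.on_policy("controller", policy),   # third channel
        "client_open": "dev-42" in gateway.open,
    }
```

`run_flow()` returns the outcome of each step in order: the replayed packet, the policy sent before the second channel exists, and the packet signed with the wrong key are all refused.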

Abstract

The invention provides a single packet authorization method and system. The method comprises the following steps: a controller authenticates a first single packet authorization request when it detects the first single packet authorization request from a client; when the authentication passes, a first service channel is released from the client to the controller so that the client can access the controller; a gateway server parses a second single packet authorization request when it detects the second single packet authorization request from the controller; when the parsing succeeds, a second service channel is released from the controller to the gateway server; the controller sends a user strategy to the gateway server through the second service channel; when receiving the user strategy, the gateway server releases a third service channel from the corresponding client to the gateway server, so that the client can access the gateway server. The method can prevent most network attacks.

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a single packet authorization method and system.

Background technique

[0002] The Internet provides people with a wealth of services and great convenience in daily life and office work. However, the server faces a large number of network attacks every day, and the attack methods change constantly, making them impossible to prevent. Once the server is compromised and the service is unavailable, users are seriously affected. Although gateways and firewalls play a certain role in protecting the server, as long as the server provides services, certain ports must be opened, and once the ports are opened, attackers have an opportunity.

Contents of the invention

[0003] Aiming at the defects in the prior art, the present invention provides a single packet authorization method and system, which can prevent most netwo...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/083, H04L63/0876, H04L63/20, H04L63/1441
Inventor: 秦文军孟昭宇王志
Owner: SHENZHEN LEAGSOFT TECH