Method for realizing full-link encryption agent by using event certificate

A full-link, user-certificate technology, which is applied in the field of full-link encrypted proxy using event certificates, can solve problems such as cross-trust domains

Active Publication Date: 2020-10-20
北京格尔国信科技有限公司

AI Technical Summary

Problems solved by technology

This method only needs to use the standard SSL protocol for the application, and can realize the audit of the application server to the end user and...


Examples

Embodiment Construction

[0025] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the following will further explain how to implement the present invention in combination with specific diagrams.

[0026] (1) Digital certificate issuance and trust domain

[0027] The root CA issues two secondary CAs: the user certificate CA and the event certificate CA. The user certificate CA is used to issue user certificates, and the event CA server is used to issue event certificates. Intranet application servers trust the certificate chains of both the user certificate CA and the event CA. The SSL proxy server trusts the user certificate CA.

[0028] (2) User access process

[0029] See Figure 3. A forward or reverse SSL proxy server is deployed at the network border, the CA server is used to issue event certificates, and the atomic clock provides the time source; the SSL proxy server, CA server, and application server synchronize time with the atomic clock....

Abstract

The invention discloses a method for realizing a full-link encryption agent by using an event certificate. The method comprises the following steps: an SSL encryption tunnel based on a digital certificate is established between a browser and an SSL proxy server; the SSL proxy server, in linkage with the CA server, then dynamically generates an event certificate and associates it with the SSL session to complete an SSL encryption tunnel with the back-end application server, so that the back-end application server can perform secondary identity authentication on the user and further perform fine-grained access control and single sign-on. By using the event certificate, a one-time pad can be realized for a session between the SSL proxy server and the application server, and the authentication identifier of the session is consistent with the user identity identifier of the original visitor. The session also makes full use of the characteristics of the event certificate, such as timely signing and issuing, no need for storage, and a short validity period. By adopting the event certificate mode, the SSL proxy server can realize micro-isolation from user to application, and the access control capability and audit transparency of the whole system are also improved.
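The event-certificate step described in the abstract, as an added Go example that is not part of the patent text or the applicant's code. Assumptions: `sign` stands in for the event CA (a self-signed demo CA instead of one issued by the root CA), the user `alice` has already been authenticated by the SSL proxy, extended key usage is left unconstrained, and the 5-minute `eventLife` and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const eventLife = 5 * time.Minute // assumed policy; the page only says "short validity period"
// sign issues a certificate for cn; parent == nil yields the self-signed demo event CA.
func sign(cn string, nb time.Time, life time.Duration, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	sn, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{SerialNumber: sn, Subject: pkix.Name{CommonName: cn}, NotBefore: nb,
		NotAfter: nb.Add(life), BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, pk = true, x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err) // also reached when CreateCertificate failed and der is empty
	}
	return c, key // the proxy holds key in memory for this one back-end session only
}

// accept is the application server's second authentication; it returns the user identity.
func accept(ev, eventCA *x509.Certificate, now time.Time) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(eventCA)
	opts := x509.VerifyOptions{Roots: pool, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := ev.Verify(opts); err != nil {
		return "", err // wrong issuer, or outside the validity window at the synchronized time
	}
	if ev.NotAfter.Sub(ev.NotBefore) > eventLife {
		return "", fmt.Errorf("event certificate lifetime exceeds %v", eventLife)
	}
	return ev.Subject.CommonName, nil
}
func main() {
	t0 := time.Date(2020, 10, 20, 12, 0, 0, 0, time.UTC) // constructed clock reading
	ca, caKey := sign("Event CA", t0, 24*time.Hour, nil, nil)
	ev, _ := sign("alice", t0, eventLife, ca, caKey) // minted after the proxy authenticated alice
	fmt.Println(accept(ev, ca, t0.Add(time.Minute)))           // alice <nil>
	fmt.Println(accept(ev, ca, t0.Add(eventLife+time.Second))) // rejected: expired
}
```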

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method for realizing a full-link encryption agent by using event certificates for identity authentication of network communication and link encryption.

Background technique

[0002] Traditional network security assumes that attackers mainly come from external networks, and that deploying strict monitoring equipment at the entrance of the network, such as firewalls, VPNs, and anti-virus equipment, can reduce attacks from external networks. The enterprise intranet is considered safe because most external hacker attacks are shielded.

[0003] In order to protect the safe transmission of corporate sensitive data on the Internet, digital authentication and access control systems are generally used at network boundaries to provide external services, such as online banking and mobile office. As shown in Figure 1, the client completes identity ...

Application Information

IPC(8): H04L29/06, H04L9/32
CPC: H04L63/0823, H04L63/0442, H04L63/0471, H04L63/0884, H04L9/3268, H04L63/168, H04L63/0281
Inventor: 朱振中, 陈磊, 贺红杰
Owner: 北京格尔国信科技有限公司