A password management method and system suitable for zero trust network

A password management and key management technology, applied in transmission systems, digital transmission systems, secure communication devices, etc., that solves the problems of high cost and inconvenient use and achieves convenient and flexible use.

Active Publication Date: 2021-04-06
FEITIAN TECHNOLOGIES

AI Technical Summary

Problems solved by technology

If a centralized cipher machine is used in a zero-trust network, the path from each node of the system to the cipher machine becomes the performance bottleneck of the entire system. Cryptographic devices therefore have to be deployed on multiple nodes, which requires efficient and controllable management methods. The problems are high cost and inconvenient use.



Examples


Embodiment 1

[0050] Embodiment 1 of the present invention provides a password management method suitable for a zero-trust network. The method of this embodiment is applied to a system including a cryptographic device management server, a key management server, an enhanced identity authentication server, and node clients. There are multiple node clients, and they can work simultaneously. The method includes:

[0051] When the cryptographic device management server receives a download cipher suite request sent by a node client, it parses the request to obtain the token, sends the enhanced identity authentication server a query-token-validity request containing that token, and judges whether the token is valid according to the query token response data returned by the enhanced identity authentication server. If the token is valid, the cipher suite is retrieved according to the device ID obtained by parsing the download cipher suite request, ...

Embodiment 2

[0159] Embodiment 2 of the present invention provides a password management system suitable for zero-trust networks. As shown in Figure 6, the system includes a cryptographic device management server 61, a key management server 62, an enhanced identity authentication server 63 and multiple node clients 64; the multiple node clients in this system can work simultaneously.

[0160] The node client 64 includes: a first sending module 641 and a first receiving module 642; the cryptographic device management server 61 includes: a second receiving module 611, a second sending module 612, a first judging module 613, a retrieval update module 614, a first generating module 615 and a first searching module 616; the key management server 62 includes: a third receiving module 621, a third sending module 622, a second judging module 623, a second generating module 624 and a third generating module 625; the enhanced identity authentication server 63 include...


Abstract

The invention discloses a password management method and system applicable to a zero-trust network, belonging to the field of information security. After receiving the download cipher suite request sent by the node client, the cryptographic device management server sends the cipher suite to the node client if the token in the download cipher suite request is valid. After receiving the key request sent by the node client, the key management server sends the generated key to the node client if the token in the key request is valid and the node client has downloaded the cipher suite. When the enhanced identity authentication server receives the authentication request sent by the node client, it verifies the user's identity; if the verification succeeds, it generates a token, stores it against the user information in the authentication request, and sends the token to the node client. The present invention supports the dynamic deployment of cryptographic devices and keys in a zero-trust network without deploying them on node clients in advance; user operations are not restricted, and use is very convenient and flexible.
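The three-server flow in the abstract, sketched as an added example (not code from the patent or from its owner). The class and method names, the injected `verify` callback, the in-memory token table, and the way the key management server learns that a cipher suite was downloaded are all assumptions, since the page does not specify them.

```python
import secrets

class AuthServer:
    """Enhanced identity authentication server: verifies users, issues tokens."""
    def __init__(self, verify):
        # verify(user, credential) -> bool is an assumed hook; the page does
        # not say how the user's identity is verified.
        self._verify, self._tokens = verify, {}

    def authenticate(self, user, credential):
        if not self._verify(user, credential):
            return None
        token = secrets.token_urlsafe(32)      # unguessable bearer token
        self._tokens[token] = user             # stored against the user information
        return token

    def query_token(self, token):
        return token in self._tokens

class DeviceMgmtServer:
    """Cryptographic device management server: returns a cipher suite by device ID."""
    def __init__(self, auth, suites):
        self._auth, self._suites, self._downloaded = auth, suites, set()

    def download_suite(self, token, device_id):
        # The token is checked with the authentication server on every request.
        if not self._auth.query_token(token) or device_id not in self._suites:
            return None
        self._downloaded.add(device_id)
        return self._suites[device_id]

    def has_downloaded(self, device_id):       # assumed lookup for the key server
        return device_id in self._downloaded

class KeyMgmtServer:
    """Key management server: releases a key only to a provisioned, token-bearing node."""
    def __init__(self, auth, devices):
        self._auth, self._devices = auth, devices

    def get_key(self, token, device_id):
        if not self._auth.query_token(token) or not self._devices.has_downloaded(device_id):
            return None
        return secrets.token_bytes(32)         # stand-in for the generated key

def node_client_flow(auth, devices, keys, user, credential, device_id):
    """Node client: authenticate, download the cipher suite, then request a key."""
    token = auth.authenticate(user, credential)
    suite = devices.download_suite(token, device_id)
    return suite, keys.get_key(token, device_id)
```

Both resource servers re-check the token with the authentication server on each request, and the key request fails closed until the cipher suite download has been recorded.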

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a password management method and system suitable for a zero-trust network.

Background technique

[0002] The "Zero Trust Network" was proposed by Forrester's chief analyst John Kindervag in 2010. He believes that: "Enterprises should not automatically trust anyone or anything inside or outside, and any person or thing attempting to access the enterprise system should be authenticated before authorization." The zero trust model aims to solve the problems inherent in the idea of "creating trust based on network boundaries". The core idea of the zero trust model is not to establish trust based on network location. Any person, device or application is regarded as untrusted before authorization and should be trusted before accessing data. Fine-grained data access permissions are adopted. The principle of authority narrows the object of network defense from the boundary to a single...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L29/06
CPC: H04L9/3213, H04L9/3226, H04L63/0807, H04L63/083
Inventor: 陆舟, 于华章
Owner: FEITIAN TECHNOLOGIES