Security micro-service architecture based on zero-trust access strategy and implementation method

An access strategy and implementation method applied in the field of microservices. It addresses the increased attack surface of microservice systems and the inability to establish trust between microservices, with the effect of reducing the attack surface, ensuring security, and improving the efficiency of security risk investigation.

Active Publication Date: 2021-05-07
WUHAN UNIV

AI Technical Summary

Problems solved by technology

[0003] Furthermore, trust cannot simply be established between the individual microservices in a network, which often come from different, unknown providers.
Problems with current micr


Examples


Embodiment Construction

[0053] The present invention will be further described below in conjunction with the embodiments shown in the accompanying drawings.

[0054] As shown in Figure 1, this embodiment discloses a secure microservice architecture based on a zero-trust access strategy, which specifically includes: an identity authentication center, a security risk center, a microservice domain, an internal security domain, a public API proxy, and a private API proxy.

[0055] Specifically, the identity authentication center includes: an access policy module, an encryption and decryption module, a secure production authentication module, and a trust engine module. The access policy module formulates a role-based access control strategy based on the principle of least privilege; the encryption and decryption module is used for transparent encryption; the secure production authentication module is used to securely identify microservices in dynamic and heterogeneous environments; the trust engine ...


Abstract

The invention provides a secure microservice architecture based on a zero-trust access policy, and a method for implementing it. The architecture comprises an identity authentication center, a microservice domain, an internal security domain, a public API agent and a private API agent. The identity authentication center comprises an access policy module, an encryption and decryption module, a security production authentication module and a trust engine module; the trust engine module performs identity verification and generates a short-term Access Token and a Refresh Token. The implementation process comprises the steps of requesting resources, performing single sign-on and identity verification, allocating permissions, returning the Token, and filtering and checking the validity of the Token before access is executed. When the calling party needs to reach the internal security domain, the private API agent is accessed through the Facade service, and the matching additional authorization level is transmitted. In this method, a short-term Token is generated through the identity verification and authorization mechanism to protect the distributed microservices, which are isolated from the front-end system; the security priority level of the microservices is adjusted in real time through the private API agent; the possible attack surface of the microservice system is reduced; and a defense-in-depth strategy is realized.
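The token flow summarized in the abstract can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 token format, the claim names (`sub`, `role`, `lvl`, `typ`, `exp`), the lifetimes and the numeric authorization levels are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

KEY = os.urandom(32)                   # assumption: key shared by trust engine and proxies
ACCESS_TTL, REFRESH_TTL = 300, 86400   # assumed lifetimes in seconds

def _sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + mac).decode()

def _verify(token, kind, now):
    """Return the claims if signature, token type and expiry are valid, else None."""
    try:
        body, mac = token.encode().rsplit(b".", 1)
        expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(mac, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None
    if claims.get("typ") != kind or claims.get("exp", 0) <= now:
        return None
    return claims

def issue_tokens(subject, role, level, now=None):
    """Trust engine: after identity verification, mint both tokens."""
    now = time.time() if now is None else now
    base = {"sub": subject, "role": role, "lvl": level}
    access = _sign({**base, "typ": "access", "exp": now + ACCESS_TTL})
    refresh = _sign({**base, "typ": "refresh", "exp": now + REFRESH_TTL})
    return access, refresh

def public_proxy_allows(token, now=None):
    """Public API proxy filter: accept only a valid, unexpired access token."""
    return _verify(token, "access", time.time() if now is None else now) is not None

def private_proxy_allows(token, required_level, now=None):
    """Private API proxy: also require the additional authorization level."""
    claims = _verify(token, "access", time.time() if now is None else now)
    return claims is not None and claims["lvl"] >= required_level

def refresh_access(refresh_token, now=None):
    """Exchange a valid refresh token for a new short-term access token."""
    now = time.time() if now is None else now
    claims = _verify(refresh_token, "refresh", now)
    if claims is None:
        return None
    fresh = {k: claims[k] for k in ("sub", "role", "lvl")}
    return _sign({**fresh, "typ": "access", "exp": now + ACCESS_TTL})
```

Because the access token expires after `ACCESS_TTL`, a stolen token is only useful for a short window, and a refresh token presented where an access token is expected is rejected by the type check.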

Description

Technical field

[0001] The invention belongs to the technical field of microservices, and in particular relates to a secure microservice architecture and an implementation method based on a zero-trust access strategy.

Background

[0002] Security is a long-standing problem in networked systems, and with the advent of microservices it has become even more challenging. Decomposing a system into smaller, independent and distributed units creates a large number of entry points and communication flows. Microservices are becoming the new norm for enterprise software development, allowing software systems to be built by composing lightweight services. Especially in the development of complex and distributed applications, it is an architectural design pattern that aims to solve the problems of scalability and ease of maintenance of online services.

[0003] Furthermore, trust cannot simply be established between indi...


Application Information

IPC(8): G06F21/60, G06F21/31, G06F21/57, G06F21/64
CPC: G06F21/602, G06F21/64, G06F21/31, G06F21/577
Inventor: 崔晓晖朴杨鹤然陶启郑承良张宽
Owner: WUHAN UNIV