Resource access control method based on zero-trust single packet authentication and authorization

A zero-trust single packet resource access technology, applied in the field of information security, that addresses problems such as network security threats, with the effect of improving efficiency, improving network security, and reducing the network attack surface.

Pending Publication Date: 2022-05-27
CHONGQING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

For example, firewalls in traditional networks need to configure relevant access policies to explicitly allow terminal devices to access corresponding ser

Example Embodiment

[0026] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0027] Figure 1 shows the system framework for resource access control based on zero-trust single packet authentication and authorization. The framework comprises terminal equipment, a zero-trust gateway, a key generation center and service resources.

[0028] Terminal equipment, also called a terminal, can be a device with a wireless transceiver function, which can be deployed on land, including indoor or ou...

Abstract

The invention belongs to the field of information security, and particularly relates to a resource access control method based on zero-trust single packet authentication and authorization, which comprises the following steps: the terminal equipment initiates an access request to a zero-trust gateway; the zero-trust gateway verifies the request information sent by the terminal equipment, and if the verification passes, the key center generates a session key and a public key and private key for the terminal equipment; the terminal equipment generates the single packet information for the user's access to the zero-trust gateway and encrypts the single packet information with the session key; a message digest of the single packet information is calculated, the encrypted single packet information and the digest information are signed with the private key, and all of this information is sent to the zero-trust gateway; the zero-trust gateway verifies the signature information, the encrypted information and the digest information, and if verification passes, a consistent port is opened for the terminal equipment and the terminal equipment is allowed to temporarily access the server. With the method described by the invention, the service port is hidden, the network attack surface is reduced, and network security is improved.
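The packet construction and gateway check described in the abstract, as an added Go example that is not code from the patent. The page names no algorithms, so AES-GCM, SHA-256, Ed25519, the `SPA` field layout and the names `Build`, `Verify` and `signed` are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SPA is the single packet; field layout and algorithms are assumptions.
type SPA struct{ Nonce, Cipher, Digest, Sig []byte }

func signed(p SPA) []byte { return bytes.Join([][]byte{p.Nonce, p.Cipher, p.Digest}, nil) }

// Build (terminal): encrypt under session key g, digest plaintext, sign the rest.
func Build(g cipher.AEAD, priv ed25519.PrivateKey, info []byte) (SPA, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return SPA{}, err
	}
	d := sha256.Sum256(info)
	p := SPA{Nonce: nonce, Cipher: g.Seal(nil, nonce, info, nil), Digest: d[:]}
	p.Sig = ed25519.Sign(priv, signed(p))
	return p, nil
}

// Verify (gateway): signature, then decryption, then digest; port opens only on true.
func Verify(g cipher.AEAD, pub ed25519.PublicKey, p SPA) ([]byte, bool) {
	if len(p.Nonce) != g.NonceSize() || !ed25519.Verify(pub, signed(p), p.Sig) {
		return nil, false
	}
	info, err := g.Open(nil, p.Nonce, p.Cipher, nil)
	if d := sha256.Sum256(info); err != nil || !bytes.Equal(d[:], p.Digest) {
		return nil, false
	}
	return info, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // key center's role
	block, _ := aes.NewCipher(make([]byte, 32))      // constructed all-zero demo session key
	g, _ := cipher.NewGCM(block)
	p, _ := Build(g, priv, []byte("user=alice;port=8443")) // constructed sample request
	info, ok := Verify(g, pub, p)
	fmt.Printf("%s %v\n", info, ok)
}
```

The gateway returns a single boolean for every failure, so a rejected packet gives the sender no indication of which check failed.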

Description

Technical field

[0001] The invention belongs to the field of information security, and in particular relates to a resource access control method based on zero-trust single packet authentication and authorization.

Background

[0002] Traditional boundary-based networks verify the user's identity at the network boundary on a "connect first, then authenticate" basis to determine whether the user is trustworthy. If the user can be authenticated, the user can move laterally within the network. In traditional networks, the internal network is assumed to be secure by default, and network security is treated as border security. Therefore, security devices such as firewalls and WAFs are deployed to protect network borders. With the continuous development of emerging technologies such as big data and mobile Internet, network boundaries are gradually becoming blurred, and the defects of traditional network security protection models are becoming more and more obvious. For example,...

Application Information

IPC(8): H04L9/40
CPC: H04L63/0876, H04L63/10, H04L63/045, H04L63/12, H04L2463/082
Inventor: 唐飞, 马春亮, 黄永洪, 于万钦, 黄东
Owner CHONGQING UNIV OF POSTS & TELECOMM