[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN107342999A - A kind of system and method based on agent protection certificate is strengthened - Google Patents

A kind of system and method based on agent protection certificate is strengthened Download PDF

Info

Publication number
CN107342999A
CN107342999A CN201710538310.2A CN201710538310A CN107342999A CN 107342999 A CN107342999 A CN 107342999A CN 201710538310 A CN201710538310 A CN 201710538310A CN 107342999 A CN107342999 A CN 107342999A
Authority
CN
China
Prior art keywords
network data
data information
computer
remote computer
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710538310.2A
Other languages
Chinese (zh)
Inventor
钱兵
王幸福
张百林
张冲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710538310.2A priority Critical patent/CN107342999A/en
Publication of CN107342999A publication Critical patent/CN107342999A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a kind of based on the method and system for strengthening agent protection certificate, wherein, method includes:Step 1, the network data information from subscriber computer is intercepted;Step 2, judge whether the subscriber computer corresponding to the network data information has the authority accessed the remote computer to be communicated;If so, step 3, is encrypted signature to the network data information, authorizes the subscriber computer to conduct interviews the remote computer.By being intercepted when being communicated with remote computer, then judge whether remote computer is credible, due to without using local trust data storehouse, avoid and paid for first or changed by ignorant or malicious user software, so that local user or software are in integer communication environment trusty, the Information Security of communication is improved.

Description

A kind of system and method based on agent protection certificate is strengthened
Technical field
The present invention relates to technical field of communication safety and comprising, more particularly to it is a kind of based on the system for strengthening agent protection certificate and Method.
Background technology
Consistent till now from last century Mo, the development of network technology is maked rapid progress, and the spread speed and quantity of information are always In fulminant growth.During information transfer, it may occur however that information leakage and information distort, for user come Say, be breakneck, after the especially intelligent epoch arrive, the bulk information of user is appeared on network, is being provided amenities for the people While, the security of information needs preferably to be maintained.
Web application usually using certificate come verify the integrality of remote entity and remote location communication it is complete Property and confidentiality.However, certificate is there is also fragility, because local trust data storehouse (root certificate for including trust) may quilt Ignorant or malicious user software is overturned or changed.This may cause to insert insecure root of trust in business policy, from And local user or software is caused to be placed on fly-by-night certificate communication environment so that information occur in information communication process The Network Security Vulnerabilities such as leakage.
The content of the invention
It is an object of the invention to provide a kind of based on the method and system for strengthening agent protection certificate, place user and calculate Machine is communicated with incredible remote computer, improves the communications security of local user or application.
In order to solve the above technical problems, the embodiments of the invention provide it is a kind of based on strengthen agent protection certificate method, Including:
Step 1, the network data information from subscriber computer is intercepted;
Step 2, it is long-range to what is communicated to judge whether the subscriber computer corresponding to the network data information has The authority that computer accesses;
If so, step 3, signature is encrypted to the network data information, the subscriber computer is authorized to described remote Journey computer conducts interviews.
Wherein, the step 2, including:
Identify the voucher for the remote computer that the subscriber computer will communicate and the network of the network data information Request;
The encryption information of the voucher is calculated, and exports the ciphering sequence of the network data information;
Judge whether the certificate, the ciphering sequence and the network data information of the remote computer are included in white name In single database, and it is not included in black list database.
Wherein, in addition to:
Fire wall checks the network data information, judges whether there is the ciphering signature;
If so, authorizing the network data information to conduct interviews the remote computer, otherwise, refuse the network number It is believed that breath conducts interviews to the remote computer.
Wherein, the signature that the network data information is encrypted is by adding ciphering sequence to application layer protocol Field network data information is encrypted signature.
Wherein, it is described that ciphering sequence field is added into the network data information as the ciphering sequence is added to The ciphering sequence is added to ipv6 header chain field by IPV4 header Option Field.
In addition, the embodiment of the present invention additionally provides a kind of based on the system for strengthening agent protection certificate, including based on Credential management agency, trusted voucher database and the authorization server of main frame, it is credible that the trusted voucher database includes mark The information of entity and respective encrypted certificate, the credential management agency of the Intrusion Detection based on host is connected with subscriber computer, for intercepting The network traffic information of the remote computer accessed from the subscriber computer, and institute is identified according to the network traffic information State the certificate of remote computer and calculate the confidential information of the certificate, after the ciphering sequence for obtaining the network data information, The network data information and the ciphering sequence are sent to the authorization server, it is remote described in the authorization server judges Whether the certificate of journey computer, the ciphering sequence, the network data information are included in the trusted voucher database White list database, black list database, if being all contained in the white list database, and it is not included in the blacklist data Storehouse, signature is encrypted to the network traffic information by using authorization server key, to authorize network access to be intercepted The network data information.
Wherein, in addition to fire wall, the fire wall are connected with the authorization server, the subscriber computer, are used for Check whether the network data information from the subscriber computer has the authorization server key label of the authorization server The ciphering signature of name, if so, authorizing the network data information to conduct interviews the remote computer, otherwise, described in refusal Network data information conducts interviews to the remote computer.
Wherein, the authorization server is to be operated in the authorization server of public computer server or be operated in separate mesh The authorization server of network equipment.
Wherein, the credential management agency of the Intrusion Detection based on host is the voucher for the Intrusion Detection based on host for being operated in the subscriber computer Administration agent or be operated in special computer Intrusion Detection based on host credential management agency.
Wherein, in addition to the fire wall, the authorization server, the subscriber computer distrust feedback being connected Device, the reason for can not being communicated for being fed back to the subscriber computer with the remote computer.
The system and method based on agent protection certificate is strengthened that the embodiment of the present invention is provided, compared with prior art, With advantages below:
Method provided in an embodiment of the present invention based on reinforcing agent protection certificate, including:
Step 1, the network data information from subscriber computer is intercepted;
Step 2, it is long-range to what is communicated to judge whether the subscriber computer corresponding to the network data information has The authority that computer accesses;
If so, step 3, signature is encrypted to the network data information, the subscriber computer is authorized to described remote Journey computer conducts interviews.
System provided in an embodiment of the present invention based on reinforcing agent protection certificate, include the credential management generation of Intrusion Detection based on host Reason, trusted voucher database and authorization server, the trusted voucher database include mark trusted entity and respective encrypted card The information of book, the credential management agency of the Intrusion Detection based on host are connected with subscriber computer, calculated for intercepting from the user The network traffic information for the remote computer that machine accesses, and according to the card of the network traffic information identification remote computer Book and the confidential information for calculating the certificate, after the ciphering sequence for obtaining the network data information, the network data is believed Breath and the ciphering sequence are sent to the authorization server, the certificate of remote computer described in the authorization server judges, Whether the ciphering sequence, the network data information are included in the white list database, black in the trusted voucher database List data storehouse, if being all contained in the white list database, and the black list database is not included in, by using mandate Signature is encrypted to the network traffic information in server key, to authorize the intercepted network data of network access to believe Breath.
The system and method based on agent protection certificate is strengthened, by being carried out when being communicated with remote computer Intercept, then judge whether remote computer is credible, judge whether subscriber computer has corresponding to the network data information The authority accessed the remote computer, only have due to without using local trust data storehouse, avoiding by ignorant or The software of malicious user is paid for first or changed so that local user or software are in integer communication environment trusty, improve The Information Security of communication.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are the present invention Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis These accompanying drawings obtain other accompanying drawings.
Fig. 1 is a kind of embodiment provided in an embodiment of the present invention based on the method for strengthening agent protection certificate Steps flow chart schematic diagram;
Fig. 2 is a kind of embodiment provided in an embodiment of the present invention based on the system for strengthening agent protection certificate Structural representation;
Fig. 3 is another embodiment provided in an embodiment of the present invention based on the system for strengthening agent protection certificate Structural representation.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made Embodiment, belong to the scope of protection of the invention.
Fig. 1~Fig. 3 is refer to, Fig. 1 is the one of the method provided in an embodiment of the present invention based on reinforcing agent protection certificate The step schematic flow sheet of kind embodiment;Fig. 2 is provided in an embodiment of the present invention based on reinforcing agent protection certificate A kind of structural representation of embodiment of system;Fig. 3 is to be provided in an embodiment of the present invention based on reinforcing agent protection card The structural representation of another embodiment of the system of book.
It is described based on the method for strengthening agent protection certificate in a kind of embodiment, including:
Step 1, the network data information from subscriber computer is intercepted;So that subscriber computer enters to remote computer When row accesses, first it is intercepted, judges whether the remote computer to be accessed is credible, avoids between insincere remote computer Communication.
Step 2, it is long-range to what is communicated to judge whether the subscriber computer corresponding to the network data information has The authority that computer accesses;By judge the network data information in subscriber computer access the remote computer to be communicated be It is no credible, to judge whether with access rights.
If so, step 3, signature is encrypted to the network data information, the subscriber computer is authorized to described remote Journey computer is conducted interviews, and only with access rights, remote computer corresponding to access can just be had by obtaining ciphering signature Qualification, obtain and access the pass.
By being intercepted when being communicated with remote computer, then judge whether remote computer is credible, judge Subscriber computer corresponding to the network data information whether have to the remote computer access authority, only have by In without using local trust data storehouse, avoid and paid for first or changed by ignorant or malicious user software so that be local User or software are in integer communication environment trusty, improve the Information Security of communication.
And it is whether credible for remote computer, there are many knowledge method for distinguishing, in one embodiment of the invention, institute Step 2 is stated, including:
Identify the voucher for the remote computer that the subscriber computer will communicate and the network of the network data information Request;
The encryption information of the voucher is calculated, and exports the ciphering sequence of the network data information;
Judge whether the certificate, the ciphering sequence and the network data information of the remote computer are included in white name In single database, and it is not included in black list database.
By identifying the voucher of remote computer and the network request of the network data information that will communicate, with main frame In trust voucher database in black and white lists contrasted, the certificate of only described remote computer, the encryption Sequence and the network data information are included in white list database, and are not included in black list database, can just be obtained Ciphering signature, accessed corresponding to remote computer authority, can avoid in this way with it is not trusted remote Journey computer is communicated, and improves the safety letter of communication.
Further to improve the security of communication, also included based on the method for strengthening agent protection certificate:
Fire wall checks the network data information, judges whether there is the ciphering signature;
If so, authorizing the network data information to conduct interviews the remote computer, otherwise, refuse the network number It is believed that breath conducts interviews to the remote computer.
Fire wall detection is carried out to the network data information of the subscriber computer of interception, judges whether that there is the encryption Signature, only has ciphering signature corresponding with the remote computer to be accessed, can have access rights, avoid possibility Even if the network data information occurred is intercepted, judge whether the subscriber computer has corresponding to the network data information The authority accessed the remote computer to be communicated has miscellaneous part or equipment not to be performed, or situation about not being encrypted Occur.
In the present invention, for being not especially limited to the mode for the network data information being encrypted signature, one In embodiment, the signature that the network data information is encrypted is by adding ciphering sequence field to application layer protocol Network data information is encrypted signature.
Specifically, the ciphering sequence field of being added into the network data information can be to add the ciphering sequence It is added to IPV4 header Option Field, or the ciphering sequence is added to ipv6 header chain field, is by application Signature is encrypted to network data information in ciphering sequence corresponding to layer protocol addition.
The present invention of processing in to(for) network information data is by the way that label are encrypted to each network packet therein What name accessed, the detection of same fire wall is also and the form of network packet is encrypted what signature checked.
In addition, the embodiment of the present invention additionally provides a kind of based on the system for strengthening agent protection certificate, including based on Credential management agency 20, trusted voucher database and the authorization server 30 of main frame, the trusted voucher database include mark The information of trusted entity and respective encrypted certificate, the credential management agency 20 of the Intrusion Detection based on host are connected with subscriber computer 10, For intercepting the network traffic information of the remote computer 50 accessed from the subscriber computer 10, and according to the network flow Measure information to identify the certificate of the remote computer 50 and calculate the confidential information of the certificate, obtain the network data information Ciphering sequence after, the network data information and the ciphering sequence are sent to the authorization server 30, the mandate Server 30 judges whether the certificate, the ciphering sequence, the network data information of the remote computer 50 are included in institute White list database, the black list database in trusted voucher database are stated, if the white list database is all contained in, and not Included in the black list database, label are encrypted to the network traffic information by using the key of authorization server 30 Name, to authorize the intercepted network data information of network access.
It is described to be based on strengthen agent protection certificate in order to further improve the communications security with remote computer 50 System also includes fire wall 60, and the fire wall 60 is connected with the authorization server 30, the subscriber computer 10, for checking Whether the network data information from the subscriber computer 10 has the key of authorization server 30 of the authorization server 30 The ciphering signature of signature, if so, authorize the network data information to conduct interviews the remote computer 50, otherwise, refusal The network data information conducts interviews to the remote computer 50.
It is pointed out that fire wall 60 here does not imply that the fire wall 60 of subscriber computer 10, and refer to user Computer 10 be arranged on the fire wall 60 of main frame when connecting remote computer 50 by main frame.
The system based on reinforcing agent protection certificate in the present invention, the credential management agency 20 for passing through Intrusion Detection based on host intercept The network traffic information of the remote computer 50 accessed from the subscriber computer 10 is by authorization server 30 to the network flow Amount information verified, confirm the remote computer 50 wherein to be accessed whether trust, avoid and insincere remote computation Adverse consequences caused by machine 50 communicates and be possible.
It can be the authorization server 30 for being operated in public computer server that authorization server 30 in the present invention, which is, Can be the authorization server 30 for being operated in standalone network device, the present invention for authorization server 30 and its work position not Limit.
Likewise, the credential management agency 20 of the Intrusion Detection based on host in the present invention can be to be operated in the user to calculate The credential management agency 20 of the Intrusion Detection based on host of machine 10, or be operated in the credential management of the Intrusion Detection based on host of special computer Agency 20.
I.e. subscriber computer 10 is when carrying out the access of remote computer 50, by being arranged on subscriber computer 10 or special meter The credential management agency 20 of the Intrusion Detection based on host of calculation machine is intercepted, and identifies the certificate of remote computer 50, calculates corresponding add Confidential information, the ciphering sequence of the network data information is sent to authorization server 30, by authorization server 30 by the long-range meter Whether the certificate of calculation machine 50, network data information and ciphering sequence are included in the voucher database for the receiver being attached thereto In registration single database, and black list database therein is not included in, then network data information is encrypted signature, it The credential management agency 20 of Intrusion Detection based on host is returned again to afterwards, after being verified by fire wall 60, is communicated with remote computer 50.
During being communicated with remote computer 50, if communicated successfully, it can be obtained from result of communication, if communication It is unsuccessful, the user of local subscriber computer 10 be the reason for can not obtaining to communicate can not determine whether be Communicated with mistrustful remote computer 50, the unsuccessful reason that communicates is obtained in order to facilitate subscriber computer 10, in the present invention One embodiment in, it is described based on strengthen agent protection certificate system also include and the fire wall 60, it is described authorize take It is engaged in the distrust feedback device that device 30, the subscriber computer 10 connect, for can not be with to the subscriber computer 10 feedback The reason for remote computer 50 communicates.
By distrusting that the remote computer 50 that the user feedback of feedback device elder generation is communicated is insincere remote computer 50, Prevent the reason for user's quick obtaining is from communicating, so as to not conducted interviews to it, the communication for improving subscriber computer 10 can By property and security.
In summary, it is provided in an embodiment of the present invention based on strengthen agent protection certificate system and method, by with Intercepted when remote computer is communicated, then judge whether remote computer is credible, judge the network data information Whether corresponding subscriber computer has the authority accessed the remote computer, only has due to without using local trust Database, avoid and paid for first or changed by ignorant or malicious user software so that local user or software are in can The integer communication environment of trust, improve the Information Security of communication.
It is described in detail above to provided by the present invention based on the system and method for strengthening agent protection certificate.This Apply specific case in text to be set forth the principle and embodiment of the present invention, the explanation of above example is only intended to Help to understand method and its core concept of the invention.It should be pointed out that for those skilled in the art, Without departing from the principles of the invention, some improvement and modification can also be carried out to the present invention, these are improved and modification also falls Enter in the protection domain of the claims in the present invention.

Claims (10)

  1. It is 1. a kind of based on the method for strengthening agent protection certificate, it is characterised in that including:
    Step 1, the network data information from subscriber computer is intercepted;
    Step 2, judge whether the subscriber computer corresponding to the network data information has to the remote computation to be communicated The authority that machine accesses;
    If so, step 3, signature is encrypted to the network data information, the subscriber computer is authorized to the long-range meter Calculation machine conducts interviews.
  2. 2. as claimed in claim 1 based on the method for strengthening agent protection certificate, it is characterised in that the step 2, including:
    Identify the voucher for the remote computer that the subscriber computer will communicate and the network request of the network data information;
    The encryption information of the voucher is calculated, and exports the ciphering sequence of the network data information;
    Judge whether the certificate, the ciphering sequence and the network data information of the remote computer are included in white list number According in storehouse, and it is not included in black list database.
  3. 3. as claimed in claim 2 based on the method for strengthening agent protection certificate, it is characterised in that also include:
    Fire wall checks the network data information, judges whether there is the ciphering signature;
    If so, authorizing the network data information to conduct interviews the remote computer, otherwise, refuse the network data letter Breath conducts interviews to the remote computer.
  4. 4. as claimed in claim 3 based on the method for strengthening agent protection certificate, it is characterised in that described to the network data It is network data information to be encrypted signature by adding ciphering sequence field to application layer protocol that signature, which is encrypted, in information.
  5. 5. as claimed in claim 4 based on the method for strengthening agent protection certificate, it is characterised in that described to the network data It is that the ciphering sequence is added into IPV4 header Option Field or by the ciphering sequence that ciphering sequence field is added in information It is added to ipv6 header chain field.
  6. 6. it is a kind of based on strengthen agent protection certificate system, it is characterised in that including Intrusion Detection based on host credential management agency, can Believe voucher database and authorization server, the trusted voucher database includes the letter of mark trusted entity and respective encrypted certificate Breath, the credential management agency of the Intrusion Detection based on host are connected with subscriber computer, accessed for intercepting from the subscriber computer Remote computer network traffic information, and identify according to the network traffic information certificate and meter of the remote computer The confidential information of the certificate is calculated, after the ciphering sequence for obtaining the network data information, by the network data information and institute State ciphering sequence and be sent to the authorization server, the certificate of remote computer described in the authorization server judges, it is described plus Whether close sequence, the network data information are included in white list database, blacklist number in the trusted voucher database According to storehouse, if being all contained in the white list database, and the black list database is not included in, by using authorization server Signature is encrypted to the network traffic information in key, to authorize the intercepted network data information of network access.
  7. 7. as claimed in claim 6 based on the system for strengthening agent protection certificate, it is characterised in that described also including fire wall Fire wall is connected with the authorization server, the subscriber computer, for checking the network number from the subscriber computer It is believed that whether breath has the ciphering signature that the authorization server key of the authorization server is signed, if so, authorizing the network Data message conducts interviews to the remote computer, otherwise, refuses the network data information and the remote computer is entered Row accesses.
  8. 8. as claimed in claim 7 based on the system for strengthening agent protection certificate, it is characterised in that the authorization server is work Make public computer server authorization server or be operated in the authorization server of standalone network device.
  9. 9. as claimed in claim 8 based on the system for strengthening agent protection certificate, it is characterised in that the voucher of the Intrusion Detection based on host Administration agent is the credential management agency for the Intrusion Detection based on host for being operated in the subscriber computer or is operated in special computer The credential management agency of Intrusion Detection based on host.
  10. 10. as claimed in claim 9 based on the system for strengthening agent protection certificate, it is characterised in that also include and the fire prevention Wall, the authorization server, the distrust feedback device of subscriber computer connection, for being fed back to the subscriber computer The reason for can not being communicated with the remote computer.
CN201710538310.2A 2017-07-04 2017-07-04 A kind of system and method based on agent protection certificate is strengthened Pending CN107342999A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710538310.2A CN107342999A (en) 2017-07-04 2017-07-04 A kind of system and method based on agent protection certificate is strengthened

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710538310.2A CN107342999A (en) 2017-07-04 2017-07-04 A kind of system and method based on agent protection certificate is strengthened

Publications (1)

Publication Number Publication Date
CN107342999A true CN107342999A (en) 2017-11-10

Family

ID=60218352

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710538310.2A Pending CN107342999A (en) 2017-07-04 2017-07-04 A kind of system and method based on agent protection certificate is strengthened

Country Status (1)

Country Link
CN (1) CN107342999A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112671781A (en) * 2020-12-24 2021-04-16 北京华顺信安信息技术有限公司 RASP-based firewall system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040054890A1 (en) * 2000-09-13 2004-03-18 Francois-Joseph Vasseur Method for producing evidence of the transmittal and reception through a data transmission network of an electronic document and its contents
CN101720090A (en) * 2009-06-16 2010-06-02 中兴通讯股份有限公司 Method and device for realizing remote access control of home base station
CN102916983A (en) * 2012-11-22 2013-02-06 北京奇虎科技有限公司 Protection system for network access behavior
CN102930211A (en) * 2012-11-07 2013-02-13 北京奇虎科技有限公司 Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser
CN103428187A (en) * 2012-05-25 2013-12-04 腾讯科技(深圳)有限公司 Method and system for access controlling, and equipment
US20160080330A1 (en) * 2000-04-07 2016-03-17 At&T Intellectual Property Ii, L.P. Broadband Certified Mail
CN105872059A (en) * 2016-03-31 2016-08-17 北京奇艺世纪科技有限公司 Remote execution method and device
CN105893865A (en) * 2015-12-31 2016-08-24 乐视移动智能信息技术(北京)有限公司 File processing method and device
CN106161385A (en) * 2015-04-15 2016-11-23 腾讯科技(上海)有限公司 The long-range control method of a kind of equipment and device

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160080330A1 (en) * 2000-04-07 2016-03-17 At&T Intellectual Property Ii, L.P. Broadband Certified Mail
US20040054890A1 (en) * 2000-09-13 2004-03-18 Francois-Joseph Vasseur Method for producing evidence of the transmittal and reception through a data transmission network of an electronic document and its contents
CN101720090A (en) * 2009-06-16 2010-06-02 中兴通讯股份有限公司 Method and device for realizing remote access control of home base station
CN103428187A (en) * 2012-05-25 2013-12-04 腾讯科技(深圳)有限公司 Method and system for access controlling, and equipment
CN102930211A (en) * 2012-11-07 2013-02-13 北京奇虎科技有限公司 Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser
CN102916983A (en) * 2012-11-22 2013-02-06 北京奇虎科技有限公司 Protection system for network access behavior
CN106161385A (en) * 2015-04-15 2016-11-23 腾讯科技(上海)有限公司 The long-range control method of a kind of equipment and device
CN105893865A (en) * 2015-12-31 2016-08-24 乐视移动智能信息技术(北京)有限公司 File processing method and device
CN105872059A (en) * 2016-03-31 2016-08-17 北京奇艺世纪科技有限公司 Remote execution method and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112671781A (en) * 2020-12-24 2021-04-16 北京华顺信安信息技术有限公司 RASP-based firewall system

Similar Documents

Publication Publication Date Title
CN103491072B (en) A kind of border access control method based on double unidirection insulation network brakes
CN111586025B (en) SDN-based SDP security group implementation method and security system
CN100496025C (en) Ternary equal identification based reliable network access control method
CN100553212C (en) A kind of reliable network access control system of differentiating based on the ternary equity
CN104618396B (en) A kind of trustable network access and access control method
CN106888084A (en) A kind of quantum fort machine system and its authentication method
Yang et al. Security analysis of third-party in-app payment in mobile applications
CN105282157B (en) A kind of secure communication control method
CN101808142B (en) Method and device for realizing trusted network connection through router or switch
CN109688119A (en) In a kind of cloud computing can anonymous traceability identity identifying method
CN103297437A (en) Safety server access method for mobile intelligent terminal
CN103647772A (en) Method for carrying out trusted access controlling on network data package
CN103875207A (en) Identification and authentication of network users
CN106060078A (en) User information encryption method, user registration method and user validation method applied to cloud platform
CN111314381A (en) Safety isolation gateway
CN109617875A (en) A kind of the secure accessing platform and its implementation of terminal communication network
CN108011873A (en) A kind of illegal connection determination methods based on set covering
CN104506480A (en) Cross-domain access control method and system based on marking and auditing combination
CN112016073A (en) Method for constructing server zero trust connection architecture
US8661246B1 (en) System and method for protecting certificate applications using a hardened proxy
CN107342999A (en) A kind of system and method based on agent protection certificate is strengthened
CN116720839B (en) Financial information management method based on blockchain technology and supervision system thereof
Linker et al. ADEM: An authentic digital emblem
CN112822217A (en) Server access method, device, equipment and storage medium
JP2007004373A (en) Mail verification system for phishing fraud prevention

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171110

RJ01 Rejection of invention patent application after publication