CN103684770A - Digital certificate authentication based service system agent access method and device - Google Patents
- Publication number: CN103684770A (application number CN201210333276.2A)
- Authority: CN (China)
- Prior art keywords
- user
- identification information
- operation system
- accessible
- database
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and device for proxy access to business systems based on digital certificate authentication. The method includes: performing digital certificate authentication on the user and, if authentication succeeds, obtaining identification information that identifies the user; querying a pre-configured database for the business systems accessible to that identification information, the database holding the correspondence between each user's identification information and the business systems that user may access; publishing the services of the accessible business systems by proxy according to the user identification; displaying, by proxy, the accessible business systems corresponding to the user's identification information; and receiving a request, triggered by the user from the displayed proxied business systems, to access any one of them, thereby realizing proxy-based access to that business system. The invention allows business systems that do not support digital certificate authentication to be accessed without any modification to those systems: proxy certificate authentication combined with proxy access lets the business system obtain the benefit of digital certificate authentication of its users, and the user ultimately gains access to the business system.
Description
Technical field
The present invention relates to the field of information security, and in particular to a method and device for proxy access to business systems based on digital certificate authentication.
Background
Information security means that the hardware, software and data of an information network are protected from accidental or malicious damage, alteration or disclosure, that the system runs continuously and reliably, and that information services are not interrupted. Digital certificate authentication arose as a solution for confirming an operator's identity on a computer network and is an effective way to safeguard information security. Accessing business systems through digital certificate authentication therefore makes user access more secure.
Digital certificate technology is currently in wide use as a strong identity authentication technique. However, a business system generally has no interface implementation matching the API provided by the digital certificate system, so when certificate-based authentication is required for access, the business system itself usually has to be modified to fit that API. This is especially problematic for business systems that have already moved from the construction phase to the operation phase: when certificate-based authentication has to be enabled at short notice, the corresponding development capability no longer exists.
Thus, with existing technology, certificate-based access to business systems is hard to implement and the barrier to adoption is too high. Even for a business system whose owners do have development capability, retrofitting the interface takes a long time, so integrating the business system with the digital certificate system has a long onboarding cycle and the timeliness of business use is hard to guarantee. This limits, to some extent, the application of digital certificate authentication to business system access.
Summary of the invention
To solve the above problems, the present invention provides a method and device for proxy access to business systems based on digital certificate authentication, so that a business system which does not support digital certificate authentication can be accessed without any modification to it: digital certificate authentication combined with business system proxying realizes certificate-authenticated proxy access.
To this end, the invention provides a method for proxy access to business systems based on digital certificate authentication, the method comprising:
performing digital certificate authentication on the user and, if authentication succeeds, obtaining the user's identification information;
querying a pre-configured database for the business systems accessible to the user's identification information;
the database storing the correspondence between a user's identification information and the business systems that user may access;
proxying the business systems accessible to the user;
displaying, by proxy, the business systems accessible to the user;
receiving a request, triggered by the user from the displayed accessible business systems, to access any one of them, and realizing access to that business system.
Preferably, performing digital certificate authentication on the user and obtaining the identification information that identifies the user specifically comprises:
verifying the user's digital certificate, signed by the certificate authority, and obtaining the user's identification information from it.
Preferably, querying the accessible business systems corresponding to the user's identification information comprises:
encrypting the user's identification information and transmitting it to the pre-configured database;
querying, in the pre-configured database, the business systems accessible to the user's identification information.
Preferably, encrypting the user's identification information and transmitting it to the preset database specifically comprises:
encrypting the user's identification information with Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and transmitting it to the preset database.
Preferably, before querying the pre-configured database for the business systems accessible to the user's identification information, the method further comprises:
storing the user's identification information and the business systems accessible to that user in the database.
Preferably, displaying by proxy the business systems accessible to the user is:
displaying, by proxy, the business systems accessible to the user through a user-defined interface.
Also provided is a device for proxy access to business systems based on digital certificate authentication, the device comprising:
an identity authentication module for performing digital certificate authentication on the user and, if it succeeds, passing control to the identification acquisition module;
an identification acquisition module for obtaining the identification information that identifies the user;
a first information query module for querying a pre-configured database for the business systems accessible to the user's identification information;
the database storing the correspondence between a user's identification information and the business systems that user may access;
a proxy module for proxying the business systems accessible to the user;
an information display module for displaying, by proxy, the business systems accessible to the user;
a business access module for receiving a request, triggered by the user from the displayed accessible business systems, to access any one of them, and realizing access to that business system.
Preferably, the first information query module comprises:
a database configuration module for storing the user's identification information and the business systems accessible to that user in the database;
a second information query module for querying the database for the business systems accessible to the user's identification information.
Preferably, the second information query module comprises:
an information encryption module for encrypting the user's identification information and transmitting it to the pre-configured database;
a third information query module for querying the pre-configured database for the business systems accessible to the user's identification information.
Preferably, the information display module comprises:
an interface customization module for the user-defined interface;
an information display sub-module for displaying, by proxy, the business systems accessible to the user through the interface defined by the interface customization module.
Compared with the prior art, the beneficial effects of the invention are as follows:
In the present invention the computer system authenticates the user with a digital certificate, which secures the user's access to the business application systems. If the user passes this authentication, that is, the user is a trusted user, the computer system obtains identification information that uniquely identifies the user. The computer system also pre-configures a database holding the correspondence between user identification information and the business system resources that user may access; it looks up the business systems accessible to the user by their identification information, proxies those systems, and displays them to the user by proxy. By triggering any one of the displayed systems the user gains proxy access to it. The embodiment makes no change to the business system, and the business system need not specifically support the digital certificate authentication system: the user accesses the business system proxy and so indirectly obtains certificate-authenticated access to the business system.
With this technique, users can reach business application systems that do not support digital certificate authentication without any modification to those systems, every kind of business system benefits from the security services of the digital certificate authentication system, and adoption of certificate-based access to business systems is greatly eased.
Further, when the user identification information is sent to the pre-configured database to look up the accessible business systems, it may be sent in encrypted form, which protects the identification information against disclosure and tampering in transit and further secures the user's access to the business systems.
Further, the business system services proxied by the device and corresponding to the user's identification information are shown through a user-defined interface, so that only the resources a trusted user may access are displayed; this reduces gateway investment and improves security and visibility.
Description of the drawings
To describe the technical solutions of the embodiments of this application or of the prior art more clearly, the drawings needed for that description are briefly introduced below. The drawings described below show only some of the embodiments recorded in this application; a person of ordinary skill in the art may derive other drawings from them without creative effort.
Fig. 1 is a flowchart of the method for proxy access to business systems based on digital certificate authentication according to Embodiment 1 of the invention;
Fig. 2 is a flowchart of the method for proxy access to business systems based on digital certificate authentication according to Embodiment 2 of the invention;
Fig. 3 is a structural diagram of the device for proxy access to business systems based on digital certificate authentication according to Embodiment 3 of the invention;
Fig. 4 is a structural diagram of the first information query module of the device according to Embodiment 3 of the invention;
Fig. 5 is a structural diagram of the second information query module of the device according to Embodiment 3 of the invention;
Fig. 6 is a structural diagram of the information display module of the device according to Embodiment 3 of the invention.
Detailed description
To solve the above problems, an embodiment of the invention provides a method for proxy access to business systems based on digital certificate authentication, described in detail below with reference to the drawings.
Embodiment 1
Referring to Fig. 1, a flowchart of the method for proxy access to business systems based on digital certificate authentication according to Embodiment 1, this embodiment may specifically include:
Step 101: perform digital certificate authentication on the user; if authentication succeeds, proceed to step 102.
Step 102: obtain the user's identification information.
In this embodiment the user reaches the business system by accessing the business system proxy device. Before the user may access the proxy device, the computer system implementing the invention authenticates the current user with digital certificate technology to decide whether the user is a trusted user. If so, that is, if the user has passed the computer system's identity authentication, the computer system obtains the user's identification information, which uniquely identifies the user and is used by the computer system in the subsequent steps.
If the user fails the computer system's digital certificate verification, that is, the user is not a trusted user, the computer system obtains no identification information for the user and the following operations are not performed.
Each user who has been issued a digital certificate by the certificate authority thereby has identification information that uniquely identifies them. By authenticating with that certificate, the user proves to the computer system that they are a trusted user; the identification information is taken from the verified certificate, not supplied by the user as a separate value.
In this embodiment the identification information the computer system obtains may be the key of the user's digital certificate or another form of identification information (any unique, verified field of the certificate, such as its subject name or its issuer together with its serial number, serves the same purpose). The form of the identification information does not affect the embodiment and its implementation, so the invention does not limit it; other forms of authentication information also fall within the scope of protection of the invention.
Step 103: query the pre-configured database for the business systems accessible to the user's identification information.
Once the computer system has received the user's identification information, and provided the user has passed the certificate-based identity verification, that is, the user currently accessing the business systems is a trusted user, the computer system queries the pre-generated database, using that identification information, for the business systems the user may access.
In practice, the trusted users allowed to access each business system can be defined in advance and stored in the pre-configured query database; that is, the database holds the user identification information, the accessible business system proxies, and the correspondence between the two. The database only needs to be generated before this step.
Step 104: proxy the business systems accessible to the user.
Having found the accessible business systems for the user's identification information, the proxy device proxies those business systems.
The proxy device may receive a connection signal for a business system, relay it to the business system, and thereby proxy that business system.
Step 105: display, by proxy, the business systems accessible to the user.
The computer system queries the database with the user's identification information and obtains the accessible business systems. So that the current user can choose one or more of them through the proxy device, the proxy device displays the accessible business systems to the user by proxy.
Specifically, the computer system may show the accessible business systems through a user-defined interface. The display can be configured according to actual needs or display conditions, for example showing the proxied business systems only to trusted users, or showing them as a list.
Step 106: receive a request, triggered by the user from the displayed accessible business systems, to access any one of them, and realize access to that business system.
The computer system shows the user who is accessing the business system proxy device the business systems that user may access; the user triggers one of them as needed, and the computer system provides proxy-based access to the triggered business system.
Specifically, a user can access the business system proxy device in two ways: page access and client access.
With page access through a standard web browser, the user needs no plug-ins or controls and directly reaches the internal network.
With client access, the user launches a TCP application as a Java or ActiveX control, without establishing a layer-3 tunnel. (Java applets and ActiveX controls are no longer supported by current browsers, so a present-day implementation would use a native client or the browser-only page mode.)
In this embodiment the computer system receives the user identification information and verifies it, which secures the user's access to the business application systems. A database holding the correspondence between user identification information and the accessible business system resources is configured in advance; the accessible business systems are looked up by identification information and displayed, the accessible systems are proxied, and triggering any one of them yields proxy-based access to it. Users can therefore access business application systems that do not support identity authentication technology without any modification to those systems: digital certificate authentication together with proxy access gives certificate-authenticated access to the business system, every kind of business system benefits from the security services of the identity authentication system, and adoption of certificate-based access is greatly eased.
Since in this embodiment the user identification information is sent to the server for the database query and is exposed in transit, Embodiment 2 sends the user authentication information over an encrypted channel, which secures the user's data in transit.
Embodiment 2
Referring to Fig. 2, a flowchart of the method for proxy access to business systems based on digital certificate authentication according to Embodiment 2, this embodiment may specifically include:
Step 201: pre-configure the database storing the correspondence between user identification information and the business systems accessible to each user.
The computer system can define in advance the trusted users allowed to access each business system and store their identification information together with their accessible business systems in the pre-configured query database, which thus holds the user identification information, the accessible business systems and the correspondence between the two. This database configuration is completed in advance in this embodiment.
Step 202: perform digital certificate authentication on the user; if authentication succeeds, proceed to step 203.
Step 203: obtain the user's identification information and proceed to step 204.
In this embodiment the user reaches the business system by accessing the business system proxy device. Before the user may access the proxy device, the computer system verifies through the digital certificate whether the user is a trusted user; if so, the computer system obtains the identification information corresponding to that user for use in the subsequent steps.
Each user who has been issued a digital certificate by the certificate authority thereby has identification information that uniquely identifies them, and by authenticating with that certificate the user proves to the computer system that they are a trusted user.
If the computer system obtains no identification information for the user during digital certificate authentication, the user has not previously been issued a digital certificate by the certificate authority; such a user is not a trusted user and has not passed the identity authentication of the digital certificate authentication system.
Step 204: transmit the user identification information to the database encrypted with SSL or TLS.
Before the identification information is sent to the database holding the user identification information, the accessible business systems and the correspondence between the two, the computer system encrypts the identification information and the transmission channel with SSL or TLS and sends the encrypted identification information to the database for the accessible business system lookup.
The computer system may use the standard SSL protocol to encrypt the identification information and the channel, establishing a secure channel that delivers the identification information to the database safely. Note that SSL 2.0 and SSL 3.0 have since been deprecated (RFC 6176 and RFC 7568); a current deployment should use TLS 1.2 or later and must verify the database server's certificate, since an encrypted channel to an unverified peer still delivers the identifiers to whoever answers.
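As an added illustration of step 204 (not code from the patent), the following Python shows the client-side TLS configuration the proxy would use for its connection to the lookup database: a weak context that encrypts but authenticates nothing, the hardened form beside it, and a deployment check. The CA file path is a placeholder.

```python
import ssl
from typing import Optional

# Added example, not the patent's code.  Both contexts are for the proxy's
# client connection to the database; "cafile" is a placeholder path.


def weak_db_context() -> ssl.SSLContext:
    """Encrypts the channel but verifies nothing: any host that answers,
    including an attacker in the path, receives the user identifiers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_db_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Authenticates the database server against the configured CA and
    refuses the protocol versions that 'SSL' literally names (SSL 2.0/3.0,
    RFC 6176 / RFC 7568) as well as TLS 1.0 and 1.1."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_acceptable(ctx: ssl.SSLContext) -> bool:
    """Deployment check: reject any context that skips server authentication
    or still permits a pre-1.2 protocol version."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)
```

The check is worth running at start-up rather than trusting a config file: the weak context is exactly what results from a well-meant "disable verification to get it working" change, and it still satisfies the letter of "transmitted over SSL".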
步骤205、在预先配置的数据库中,查询用户标识信息对应的可访问的业务系统信息。Step 205, query the accessible business system information corresponding to the user identification information in the pre-configured database.
首先,计算机系统对该用户进行基于数字证书的身份认证,若该用户通过了计算机系统对其进行的身份安全验证,即目前对业务系统进行访问的用户是安全用户,则计算机系统获得用于唯一标识该用户的用户标识信息。然后,计算机系统通过安全加密传输将该用户的标识信息传送至用于保存用户标识信息、可访问的业务系统信息及两者之间的对应关系的数据库中。再次,计算机系统对被加密传送至数据库的身份标识信息进行安全解密。最后,计算机系统在预先配置的数据库中,根据当前已被解密的用户标识信息查询该用户对应的可访问的业务系统信息。First, the computer system authenticates the user based on a digital certificate. If the user passes the identity security verification performed by the computer system, that is, the user currently accessing the business system is a secure user, the computer system obtains a unique ID for the user. User ID information that identifies this user. Then, the computer system transmits the user's identification information to a database for saving the user's identification information, accessible business system information and the correspondence between the two through secure encrypted transmission. Thirdly, the computer system safely decrypts the encrypted identification information sent to the database. Finally, the computer system queries the user's corresponding accessible service system information in the pre-configured database according to the currently decrypted user identification information.
Step 206: display, through a user-customised interface, the accessible business systems corresponding to the user identification information, and proxy them.
The computer system queries the database with the identification information that uniquely identifies the user and obtains the information on the business systems that user may access. So that the current user can choose among the business systems accessible to him or her, the computer system displays that information to the user. Depending on the user's requirements, a display interface suited to those requirements can be customised, for example opening certain business system resources only to trusted users.
Because the digital certificate authentication system cannot communicate directly with the business system, the business system is proxied through a proxy device: the user accesses the proxy device and, through it, ultimately reaches the business system.
Step 207: receive an access request for any business system triggered by the user on the basis of the displayed accessible business system information, and carry out the access to that business system.
The computer system shows the user who is accessing the proxy device the proxied business systems that user may access; the user triggers whichever accessible business system he or she needs, and the computer system carries out the access to the triggered business system.
In this embodiment, a user can access a business application system that does not support certificate-based identity authentication without any modification to that system, using only digital certificate proxy authentication and business system proxy access. In addition, because the user authentication information is transmitted in encrypted form, the threat to the confidentiality of the user identification information while it is sent to the database for the query is further reduced.
An embodiment of the present invention provides a device for proxy access to a business system based on digital certificate authentication, described in detail below with reference to the accompanying drawings.
Embodiment three
Referring to FIG. 3, a schematic structural diagram of a device for proxy access to a business system based on digital certificate authentication according to an embodiment of the present invention, this embodiment may specifically include:
an identity authentication module 301, configured to perform digital certificate authentication of the user and, if it succeeds, pass control to the identifier acquisition module;
an identifier acquisition module 302, configured to obtain the identification information identifying the user;
a first information query module 303, configured to query, in the pre-configured database, the accessible business systems corresponding to the user's identification information.
Referring to FIG. 4, the first information query module 303 includes:
a database configuration module 401, configured to store the user's identification information and the business systems that user may access in the database;
a second information query module 402, configured to query, in that database, the accessible business systems corresponding to the user's identification information.
Referring to FIG. 5, the second information query module 402 includes:
an information encryption module 501, configured to encrypt the user's identification information and send it to the pre-configured database;
a third information query module 502, configured to query, in the pre-configured database, the accessible business systems corresponding to the user's identification information.
The database is used to store the correspondence between the user's identification information and the business systems accessible to that user;
a proxy module 304, configured to proxy the business systems accessible to the user;
an information display module 305, configured to display, in proxy form, the business systems accessible to the user.
Referring to FIG. 6, the information display module 305 includes:
an interface customisation module 601, configured to let the user customise the interface;
an information display sub-module 602, configured to display, in proxy form and through the interface defined by the interface customisation module, the business systems accessible to the user.
a business access module 306, configured to receive an access request for any business system triggered by the user on the basis of the displayed accessible business systems, and to carry out the access to that business system.
In this embodiment, after the user passes digital certificate authentication the computer system obtains the user identification information that uniquely identifies the user; a database holding the correspondence between user identification information and the business system resources that user may access has been configured in advance; the corresponding accessible business system information is looked up in that database on the basis of the user's authentication information and displayed; and triggering any of the business systems carries out the access to it. This embodiment secures the user's access to the business application system and, at the same time, lets the user access a business application system that does not support identity authentication without any modification to that system: digital certificate proxy authentication and business system proxy access alone suffice to provide access to the business system on the basis of secure authentication of the user's digital certificate.
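The procedure of steps 205 to 207 (with the encrypted transmission to the database described just before step 205) and the module structure of Embodiment three, as one added worked example in Python. This is not code from the patent or its applicant: the TLS context function, the identifier format, the SQLite schema, the backend URLs and the two sample peer certificates are all assumptions made here, and the sample data is constructed in the shape that `ssl.SSLSocket.getpeercert()` returns so that the block runs offline. Function docstrings name the page's module numbers they correspond to.

```python
"""Added example (not code from the patent): a certificate-authenticating access
proxy following steps 205-207 and modules 301-306, 401-402, 501-502, 601-602 of the
page.  Every name, the SQLite schema, the URLs and the sample certificates are
assumptions made here for illustration."""
import sqlite3
import ssl
from typing import Dict, List, Tuple


def build_mtls_server_context(certfile: str, keyfile: str, cafile: str) -> ssl.SSLContext:
    """Module 301: the proxy's TLS listener performs the digital certificate
    authentication; a client without a certificate chaining to cafile never reaches
    application code.  (File paths are assumptions.)"""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # page says "SSL or TLS"; SSL itself is obsolete
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def _dn(rdns) -> str:
    """Flatten a DN in the layout ssl.SSLSocket.getpeercert() returns."""
    return ",".join(f"{t}={v}" for rdn in rdns for t, v in rdn)


def user_identifier(peercert: Dict) -> str:
    """Module 302: derive the identification information from the *verified* peer
    certificate, never from a header or field the client controls.  Issuer DN plus
    subject DN survives renewal; a bare commonName would collide across CAs."""
    if not peercert:  # getpeercert() gives {} or None when no client cert was verified
        raise PermissionError("no verified client certificate")
    return f"{_dn(peercert['issuer'])}|{_dn(peercert['subject'])}"


SCHEMA = """CREATE TABLE user_systems (
    user_id TEXT NOT NULL, system_name TEXT NOT NULL, backend_url TEXT NOT NULL,
    PRIMARY KEY (user_id, system_name));"""


def configure_database(rows: List[Tuple[str, str, str]]) -> sqlite3.Connection:
    """Module 401: the pre-configured user -> accessible-systems mapping.  In-memory
    SQLite stands in for the page's database; with a networked database the driver's
    TLS mode should also verify the database server's certificate, not merely encrypt."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user_systems VALUES (?, ?, ?)", rows)
    db.commit()
    return db


def accessible_systems(db: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    """Modules 303/402/502: the lookup.  Parameterised, because the DN carries text
    the certificate holder chose (whatever the CA agreed to sign)."""
    return db.execute(
        "SELECT system_name, backend_url FROM user_systems WHERE user_id = ? ORDER BY system_name",
        (user_id,),
    ).fetchall()


def render_menu(systems: List[Tuple[str, str]]) -> str:
    """Modules 305/602: only names are shown; backend URLs stay inside the proxy."""
    if not systems:
        return "No business systems are assigned to this certificate."
    return "\n".join(f"[{i}] {name}" for i, (name, _url) in enumerate(systems, 1))


def route_request(db: sqlite3.Connection, peercert: Dict, system_name: str) -> str:
    """Modules 304/306: resolve an access request to the backend to forward to.  The
    check is repeated per request against the database: the menu is presentation,
    not enforcement, and a user who types another system's name must be refused."""
    user_id = user_identifier(peercert)
    row = db.execute(
        "SELECT backend_url FROM user_systems WHERE user_id = ? AND system_name = ?",
        (user_id, system_name),
    ).fetchone()
    if row is None:
        raise PermissionError(f"{user_id!r} may not access {system_name!r}")
    return row[0]  # a real proxy now opens this URL and relays request and response


def _sample_cert(cn: str) -> Dict:
    """Constructed sample in the shape of getpeercert() output (not a real certificate)."""
    return {
        "subject": ((("countryName", "CN"),), (("organizationName", "Example Corp"),),
                    (("commonName", cn),)),
        "issuer": ((("countryName", "CN"),), (("organizationName", "Example CA"),),
                   (("commonName", "Example Issuing CA"),)),
    }


ALICE_CERT, BOB_CERT = _sample_cert("alice"), _sample_cert("bob")
SAMPLE_ROWS = [  # constructed provisioning data for module 401
    (user_identifier(ALICE_CERT), "erp", "http://erp.internal:8080/"),
    (user_identifier(ALICE_CERT), "crm", "http://crm.internal:8080/"),
    (user_identifier(BOB_CERT), "hr", "http://hr.internal:8080/"),
]
```

Two points the patent text leaves implicit are made explicit here. The lookup is repeated in `route_request` for every request, because a customised menu restricts only what is shown, not what can be requested. And because the back end is left unmodified and performs no authentication of its own, it must accept connections only from the proxy device (a network ACL, or mutual TLS between proxy and back end); a client that can reach the back end directly bypasses the certificate check entirely.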
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" and any variant of them are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a set of elements includes not only those elements but also other elements not expressly listed, or elements inherent in such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that comprises it.
The method and device for proxy access to a business system based on digital certificate authentication provided by the embodiments of the present invention have been described in detail above. Specific examples have been used to explain the principles and implementation of the present invention; the description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and scope of application. In summary, the content of this specification should not be construed as limiting the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210333276.2A CN103684770A (en) | 2012-09-10 | 2012-09-10 | Digital certificate authentication based service system agent access method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103684770A true CN103684770A (en) | 2014-03-26 |
Family
ID=50321168
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210333276.2A Pending CN103684770A (en) | 2012-09-10 | 2012-09-10 | Digital certificate authentication based service system agent access method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103684770A (en) |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1477552A (en) * | 2003-06-12 | 2004-02-25 | 上海格尔软件股份有限公司 | Physical certificate cross-application intercommunication method in digital certificate identification system |
CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
US20070181736A1 (en) * | 2000-05-01 | 2007-08-09 | Shaikh Mohammed N S | Method and apparatus for remote filing and recordation of documents |
CN101026481A (en) * | 2006-02-21 | 2007-08-29 | 华为技术有限公司 | Integrated user safety management method and device |
CN101064717A (en) * | 2006-04-26 | 2007-10-31 | 北京华科广通信息技术有限公司 | Safety protection system of information system or equipment and its working method |
CN101114367A (en) * | 2006-07-25 | 2008-01-30 | 阿里巴巴公司 | Data processing method and system relates to multi-system |
CN101145908A (en) * | 2006-09-14 | 2008-03-19 | 华为技术有限公司 | System, device and method for ensuring business network security |
CN101155030A (en) * | 2006-09-29 | 2008-04-02 | 维豪信息技术有限公司 | Network resource integration access method based on registration and authentication |
CN201270534Y (en) * | 2008-10-17 | 2009-07-08 | 曹学文 | Authentication system based on wireless multi-hop network technique |
CN101686129A (en) * | 2008-09-24 | 2010-03-31 | 北京创原天地科技有限公司 | Novel method for strong safety service and user resource management |
CN102271042A (en) * | 2011-08-25 | 2011-12-07 | 北京神州绿盟信息安全科技股份有限公司 | Certificate authorization method, system, universal serial bus (USB) Key equipment and server |
CN102420800A (en) * | 2010-09-28 | 2012-04-18 | 俞浩波 | Method, system and authentication terminal for accomplishing service by multi-factor identity authentication |
WO2012116543A1 (en) * | 2011-03-02 | 2012-09-07 | 中兴通讯股份有限公司 | Method and system for logging in online bank through mobile phone, and bank server |
2012-09-10: application CN201210333276.2A filed in China (published as CN103684770A); status: Pending
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
EXSB | Decision made by SIPO to initiate substantive examination | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20140326 |