
Safety detecting method and purview control system for client terminal

A security detection and authority control technology, applied in the field of communication security, that addresses problems such as difficult maintenance for administrators, inconsistency, and authorization errors, and achieves the effects of improving work efficiency, facilitating maintenance, and increasing the success rate.

Active Publication Date: 2009-11-25
NEW H3C SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

For example: in practical applications, if the client only needs to access resources with low security requirements during a given login, it only needs to meet some of the login detection conditions at that time, but the existing technology does not consider the individual security requirements of the resources accessed by the client.
[0015] 2. The login detection sequence and the resource protection policy are configured separately, which may cause inconsistencies between the two and result in the client failing to access resources.
For example, firewall detection is not included in the login detection sequence, but the protection policy set for a certain resource requires that the firewall is running. In that case the permission control system cannot find any information about whether the firewall is running in the login detection results. Therefore, even if the firewall is running, the permission control system will still deny the client access to the resource.
[0016] 3. The security of the client host has to be checked twice: a security check is required at login, and a protection policy check is also required when accessing specific resources, which reduces the work efficiency of the authority control system.
[0017] 4. The login detection sequence is long and difficult for administrators to maintain.
[0018] 5. Failure to respond in a timely manner to changes in client host security and to new requirements of the authority control system may cause authorization errors.
The existing technology checks the security of the client only once, when the client logs in. When the client stays online for a long time, the status of an item in the client's login security sequence may change (for example, the firewall changes from running to not running), or the authority control system may change the protection policy for a certain resource. In either case the authority control system still authorizes the client according to the original login detection result or resource protection policy, which causes authorization errors.


Examples


Embodiment Construction

[0048] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0049] Figure 2 is a flow chart of performing security detection on the client according to the embodiment of the present invention. As shown in Figure 2, the specific steps are as follows:

[0050] Step 201: The authority control system presets at least one security assessment strategy. As shown in Figure 3, each security assessment strategy includes at least one detection class, each detection class includes at least one detection object, and each detection object has its own detection attributes. A security level is set for each security assessment strategy, and a list of accessible resources is set for each security assessment strategy.

[0051] The detection class refers to the target object of security detection on the client. As shown in Figure 3, it may include: operating system detection category, b...


Abstract

The invention discloses a security detection method for a client, which includes: presetting at least one security assessment strategy; when the authority control system receives a login request from the client, selecting a preset security assessment strategy and extracting from the client all the detection attributes of each detection class of that security assessment strategy; and, if all the extracted attributes of each detection class match all the detection attributes of one of the preset detection objects of the corresponding detection class, determining that the client passes the security detection. The present invention also discloses an authority control system, including a security assessment strategy setting module and a security detection module. The invention enables the client to log in to the authority control system as long as it passes the security detection of any one security assessment strategy, thereby improving the success rate of client access to the authority control system.
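The matching rule in the abstract, written out as an added Python example (not code from the patent or from the owner's products). The policy names, attribute names, resource names and client reports are constructed, and two choices are assumptions: policies are tried from the highest security level down, and an attribute the client does not report counts as a mismatch.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    level: int            # security level set for the policy
    resources: frozenset  # list of accessible resources tied to the policy
    classes: dict         # detection class -> list of detection objects (attribute dicts)

def object_matches(obj, reported):
    # Fail closed: an attribute the client did not report counts as a mismatch.
    return all(attr in reported and reported[attr] == want for attr, want in obj.items())

def passes(policy, report):
    # Every detection class must match at least one of its detection objects.
    return all(
        any(object_matches(obj, report.get(cls, {})) for obj in objects)
        for cls, objects in policy.classes.items()
    )

def evaluate_login(report, policies):
    # Assumption: try the highest security level first, so the client gets the
    # broadest resource list it qualifies for. Passing any one policy is enough.
    for policy in sorted(policies, key=lambda p: p.level, reverse=True):
        if passes(policy, report):
            return policy
    return None  # no policy passed: login is refused

def may_access(policy, resource):
    # Authorization reads the resource list of the policy that passed at login.
    return policy is not None and resource in policy.resources

# Constructed sample policies and client reports (not from the patent).
POLICIES = [
    Policy("strict", 3, frozenset({"intranet", "mail", "finance-db"}), {
        "operating_system": [{"name": "ExampleOS", "version": "6"}],
        "firewall": [{"name": "ExampleFW", "running": True}],
    }),
    Policy("basic", 1, frozenset({"intranet"}), {
        "operating_system": [{"name": "ExampleOS", "version": "5"},
                             {"name": "ExampleOS", "version": "6"}],
    }),
]
HARDENED = {"operating_system": {"name": "ExampleOS", "version": "6"},
            "firewall": {"name": "ExampleFW", "running": True}}
FIREWALL_OFF = {"operating_system": {"name": "ExampleOS", "version": "6"},
                "firewall": {"name": "ExampleFW", "running": False}}
UNKNOWN_OS = {"operating_system": {"name": "OtherOS", "version": "1"}}
```

Because the resource list belongs to the policy that passed, a resource can never require a check that the login evaluation did not perform, which is the inconsistency described in problem 2.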

Description

Technical field

[0001] The invention relates to the technical field of communication security, in particular to a client security detection method and an authority control system.

Background technique

[0002] At present, control technologies for user permissions fall into two main categories: permission control based on user roles and permission control based on the security of the user's device. The corresponding authorization methods are role-based authorization (role-based) and authorization based on client host security (host-based), where:

[0003] Role-based authorization: users are divided into different groups or roles, each of which can access different resources, and users are then authorized according to the groups to which they belong. This type of authorization is also called static authorization;

[0004] Authorization based on client host security: users are authorized based on the security status of their devices. This type of authorization is also ca...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L29/06
Inventor: 雷公武薛明梁鹏
Owner: NEW H3C SECURITY TECH CO LTD