Two-step authentication auditing system based on SSH Certificate and LDAP

An authentication and permission technology applied in the field of server security. It addresses the inability of existing approaches to meet highly customized requirements, and improves security and convenience while offering great flexibility and ensuring usability.

Active Publication Date: 2020-11-17
HANGZHOU VISION INSIGHT TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] In addition, for different departments or groups in the same company / organization, it is hoped to isolate or differentiate the use of bastion hosts, and provide combined authentication capabilities for personnel across departments / groups. The original SSH system basically cannot meet the above highly customized requirements.
[0006] At the same time, the current hybrid cloud platform of public cloud / private cloud may involve the deployment of online business systems across countries or even across continents. The simple point-to-point authentication method cannot achieve stable security and availability guarantees in such a complex network situation and hybrid cloud environment.



Embodiment Construction

[0025] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0026] Referring to Figure 1, the present invention provides a technical solution: a two-step authentication audit system based on SSH Certificate and LDAP, comprising the following steps:

[0027] Step (1): When the domain administrator creates a user on the domain (or LDAP) server, create the corresponding ObjectClass attribute for the user to store the sshpublickey and Role information, and fill in the corresponding user public key and the permissions that the user...


Abstract

The invention discloses a two-step authentication auditing system based on SSH Certificate and LDAP. The system comprises the following steps: step (1), when a domain administrator creates a user on the domain (or LDAP) server, the administrator creates a corresponding ObjectClass attribute for the user to store the sshpublickey and Role information, and fills in the user's public key and the role corresponding to the permissions the user can obtain. For security reasons, internal requirements allow only a public key pair based on the ED25519 algorithm to be entered, and the domain administrator audits the public key security algorithm and the permissions corresponding to the role.

According to the system, the instability of the login authentication service is greatly reduced. Once internal authentication is completed, all subsequent authentication is performed by digital signature, and no third-party system is involved when authenticating to servers across national networks, so the availability of the whole service is ensured as far as possible. After authentication is completed inside the OA VPN network, the user can work free of the VPN restriction for a short time, which avoids the influence of faults in the OA system and provides higher flexibility.
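An added example, not part of the patent text: one way the administrator's audit of the public key algorithm in step (1) could be automated, by parsing the OpenSSH public key blob stored in sshpublickey and accepting only ssh-ed25519. The function names and sample values are assumptions constructed for illustration.

```python
import base64
import binascii
import struct

ED25519 = b"ssh-ed25519"

def _read_string(buf, off):
    """Read one RFC 4251 length-prefixed string; return (value, new_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def audit_sshpublickey(value):
    """Return (ok, reason) for one sshpublickey attribute value (hypothetical helper)."""
    parts = value.split()
    if len(parts) < 2:
        return False, "malformed key line"
    declared = parts[0].encode()
    try:
        blob = base64.b64decode(parts[1], validate=True)
        inner, off = _read_string(blob, 0)   # algorithm name inside the blob
        key, off = _read_string(blob, off)   # first key field
    except (binascii.Error, ValueError) as exc:
        return False, f"unparseable key blob: {exc}"
    # The text prefix is attacker-editable, so the name inside the blob must agree.
    if declared != ED25519 or inner != ED25519:
        return False, "algorithm is not ssh-ed25519"
    # An Ed25519 public key is exactly 32 bytes with nothing after it.
    if len(key) != 32 or off != len(blob):
        return False, "invalid ed25519 key encoding"
    return True, "ok"

def _wire(*fields):
    """Encode fields as length-prefixed strings, base64-encoded (sample builder)."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return base64.b64encode(raw).decode()

# Constructed sample values, not real keys.
_RSA_FIELDS = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 256)
SAMPLE_ED25519 = "ssh-ed25519 " + _wire(ED25519, bytes(range(32))) + " alice@example"
SAMPLE_RSA = "ssh-rsa " + _wire(*_RSA_FIELDS) + " bob@example"
SAMPLE_SPOOFED = "ssh-ed25519 " + _wire(*_RSA_FIELDS) + " mallory@example"
```

The spoofed sample carries an ssh-ed25519 text prefix over an RSA blob, which is why the check compares the algorithm name inside the decoded blob and not only the prefix.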

Description

Technical field

[0001] The invention relates to the technical field of server security, in particular to a two-step authentication and auditing system based on SSH Certificate and LDAP.

Background technique

[0002] SSH is a remote management service for Unix / Linux servers. The commonly used login authentication methods are limited to passwords and public / private keys for user authentication. Among them, the password method has defects such as easy leakage and dissemination, difficult control, and low security.

[0003] The public / private key method has high security, but across a large number of servers the cost of updating and replacing keys when IT / operation and maintenance personnel change is relatively high. Systems such as bastion hosts also have security loopholes and hidden dangers: a vulnerability in the bastion host itself can leak the private key, which leads to the complete exposure of the server.

[0004] At the same time, the company / organizat...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L9/30, H04L9/32
CPC: H04L9/3263, H04L9/30, H04L9/088
Inventor 高峰
Owner HANGZHOU VISION INSIGHT TECH CO LTD