Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Safety detecting method and purview control system for client terminal

A technology of authority control and security detection, which is applied in the field of communication security, can solve problems such as inconsistency, difficult maintenance by administrators, authorization errors, etc., and achieve the effects of easy maintenance, improved success rate, and improved work efficiency

Active Publication Date: 2007-02-28
NEW H3C SECURITY TECH CO LTD
View PDF0 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For example: in practical applications, if the client needs to access resources with low security requirements during a certain login, it only needs to meet some login detection conditions at this time, and the existing technology does not consider the resources accessed by the client. Individual Security Requirements
[0015] 2. The login detection sequence and resource protection policy are configured separately, which may cause inconsistencies between the two, resulting in failure of the client to access resources
For example, firewall detection is not included in the login detection sequence, but the protection policy set for a certain resource requires that the firewall is running. At this time, the permission control system cannot find information about whether the firewall is running in the login detection results. Therefore, even if The firewall is running, and the permission control system will also deny the client access to the resource
[0016] 3. The security of the client host needs to be checked twice, that is, a security check is required when logging in, and a protection policy check is also required when accessing specific resources, which reduces the work efficiency of the authority control system
[0017] 4. The login detection sequence is long, and it is difficult for administrators to maintain
[0018] 5. Failure to respond to changes in client host security and new requirements of the authority control system in a timely manner may cause authorization errors
The existing technology only checks the security of the client once when the client logs in. When the client is online for a long time, the status of a certain login security sequence of the client may change. For example: the firewall changes from running to non-running, or, The authority control system has changed the protection policy for a certain resource. At this time, the authority control system still authorizes the client according to the original login detection result or resource protection policy, which will cause authorization errors.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Safety detecting method and purview control system for client terminal
  • Safety detecting method and purview control system for client terminal
  • Safety detecting method and purview control system for client terminal

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0048] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0049] Fig. 2 is a flow chart of performing security detection on the client provided by the embodiment of the present invention. As shown in Fig. 2, the specific steps are as follows:

[0050] Step 201: The authority control system pre-sets at least one security assessment strategy, as shown in Figure 3, each security assessment strategy includes at least one detection class, each detection class includes at least one detection object, and each detection object corresponds to its own detection Attributes, set a security level for each security assessment policy, and set an accessible resource list for each security assessment policy.

[0051] The detection class refers to the target object for security detection of the client, as shown in Figure 3, which may include: operating system detection class, browser detection class, firewall...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a client safety detecting method, which comprises that presetting at least one safety evaluation algorism; when the priority control system receives the access request of client, it selects a preset safety evaluation algorism, to extract all detecting characters of each detecting type of said algorism from said client; if all characters are matched with the detecting characters of one detecting object, judging said client passes the safety detection. The invention also discloses a relative priority control system, which comprises that the safety evaluation algorism setting module and safety detecting module. Therefore, the client can access the priority control system only by passing the safety detection of any one safety evaluation algorism, to improve the success rate.

Description

technical field [0001] The invention relates to the technical field of communication security, in particular to a client security detection method and an authority control system. Background technique [0002] At present, the control technologies for user permissions are mainly divided into two categories: user role-based permission control and user device security-based permission control. Their corresponding authorization methods are: role-based authorization (role-based) and client-based authorization. Authorization for end-host security (host-based), where: [0003] Role-based authorization: Divide users into different groups or roles, each group or role can access different resources, and then authorize users according to the groups to which they belong. This type of authorization is also called static authorization; [0004] Authorization based on client host security: Authorize users based on the security status of their devices. This type of authorization is also ca...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/32H04L29/06
Inventor 雷公武薛明梁鹏
Owner NEW H3C SECURITY TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com