CN109600399A - API Access control method and API Access agent apparatus - Google Patents
API Access control method and API Access agent apparatus Download PDFInfo
- Publication number
- CN109600399A CN109600399A CN201910108753.7A CN201910108753A CN109600399A CN 109600399 A CN109600399 A CN 109600399A CN 201910108753 A CN201910108753 A CN 201910108753A CN 109600399 A CN109600399 A CN 109600399A
- Authority
- CN
- China
- Prior art keywords
- access
- user
- information
- preposition
- api
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000013475 authorization Methods 0.000 claims abstract description 17
- 230000008859 change Effects 0.000 claims abstract description 11
- 230000007613 environmental effect Effects 0.000 claims abstract description 10
- 230000008569 process Effects 0.000 claims description 26
- 238000001514 detection method Methods 0.000 claims description 22
- 230000005540 biological transmission Effects 0.000 claims description 4
- 230000000903 blocking effect Effects 0.000 claims description 3
- 238000011217 control strategy Methods 0.000 claims description 3
- 230000004044 response Effects 0.000 abstract description 9
- 230000002045 lasting effect Effects 0.000 abstract description 5
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 6
- 238000012550 audit Methods 0.000 description 4
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 238000012502 risk assessment Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000003044 adaptive effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
A kind of API Access control method, applied to field of computer technology, it include: during user's API resource controlled by preposition application access, intercept the access request that user is sent by preposition application, identification the identity information of user, the facility information of terminal of user, the identity information of preposition application and be built-in with preposition application terminal facility information, when the environmental information of user or preposition application change, based on preset access registrar mode and preset access control policy, access request is responded.Disclosed herein as well is a kind of API Access agent apparatus, when the access environment of user changes, carry out lasting authorization decision, and execute response according to the result of decision, enhance the safety of access.
Description
Technical field
The present invention relates to field of computer technology more particularly to a kind of API Access control method and API Access agency's dresses
It sets.
Background technique
With the development of internet, open its application programming interfaces (Application of more and more platforms
Programming Interface, API) it is called for third-party application (application, APP).Existing API Access control
System is that anti-based on static rule asks authentication method control mostly, lacks the adaptive access control based on dynamic access identity,
When accessing the identity variation of main body, it is difficult to perceive in time, makes corresponding response.
Summary of the invention
The main purpose of the present invention is to provide a kind of API Access control method and API Access agent apparatus, when user's
When access environment changes, lasting authorization decision is carried out, and response is executed according to the result of decision, enhance the safety of access
Property.
To achieve the above object, first aspect of the embodiment of the present invention provides a kind of API Access control method, comprising:
During user's API resource controlled by preposition application access, intercepts the user and sent out by preposition application
The access request sent;
Identify the identity information of the user, the facility information of the terminal of the user, the preposition application identity letter
Cease and be built-in with the preposition application terminal facility information;
When the environmental information of the user or preposition application change, based on preset access registrar mode and preset
Access control policy, respond the access request.
Further, described based on preset access registrar mode, responding the access request includes:
The facility information of the terminal of identity information, the user based on the user, the identity of the preposition application are believed
Cease, be built-in with the facility information of the terminal of the preposition application, the context letter of the controlled API resource, the access request
Breath carries out delegated strategy judgement with access control system linkage.
Further, the interception user includes: by the access request that preposition application is sent
According to agreed terms, open visit port.
Further, the interception user includes: by the access request that preposition application is sent
Legitimacy detection is carried out to the access request, the legitimacy detection includes auto-programming detection, malicious access
Detection and request size detection;
Request speed, request connection number, access-hours based on the access request, carry out flow control to access process
System.
Further, the identity information of the identification user, the terminal of the user facility information, described preposition
The identity information of application and the facility information for the terminal for being built-in with the preposition application include:
Authenticate the identity information of the user, the facility information of the terminal of user, the identity information of preposition application and built-in
There is the facility information of the terminal of preposition application;
When the identity information of the user, the facility information of the terminal of user, preposition application identity information and be built-in with
When the facility information of the terminal of preposition application is preset authentication information, access token is obtained, the access token is for accessing
The controlled API resource.
Further, when the access request authorization passes through, then described based on preset access control policy, respond institute
Stating access request includes:
The access request is forwarded according to forwarding strategy, and, the access token is turned as needed
It is transmitted after changing.
Further, when authorization fails for the access request, then described based on preset access control policy, response
The access request includes:
Refuse the access request, or, returning to the information that need to carry out re-authentication to the preposition application;
Further, described based on preset control strategy, responding the access request includes:
When receiving the notification information that the access control system is sent, stop current accessed.
Further, described based on preset access control policy, responding the access request includes:
When the access request is the access request that certification passes through, record certification log, and count the access process
The flowing of access that kind generates.
Second aspect of the embodiment of the present invention provides a kind of API Access agent apparatus, comprising:
Blocking module is logical for during user's API resource controlled by preposition application access, intercepting the user
Cross the access request that preposition application is sent;
Identification module, for identification the identity information of the user, the user terminal facility information, described preposition
The facility information of the identity information of application and the terminal for being built-in with the preposition application;
Respond module, for when the environmental information of the user or preposition application change, based on preset access
Authentication mode and preset access control policy, respond the access request.
From the embodiments of the present invention it is found that API Access control method provided by the invention and API Access agent apparatus,
During user's API resource controlled by preposition application access, the access request that user is sent by preposition application is intercepted,
It identifies the identity information of user, the facility information of terminal of user, the identity information of preposition application and is built-in with preposition application
The facility information of terminal, when the environmental information of user or preposition application change, based on preset access registrar mode and
Preset access control policy, response access request carry out lasting authorization and determine when the access environment of user changes
Plan, and response is executed according to the result of decision, enhance the safety of access.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those skilled in the art without creative efforts, can also basis
These attached drawings obtain other attached drawings.
Fig. 1 is the flow diagram for the API Access control method that one embodiment of the invention provides;
Fig. 2 is the structural schematic diagram for the API Access agent apparatus that one embodiment of the invention provides;
Fig. 3 is another structural schematic diagram for the API Access agent apparatus that further embodiment of this invention provides.
Specific embodiment
In order to make the invention's purpose, features and advantages of the invention more obvious and easy to understand, below in conjunction with the present invention
Attached drawing in embodiment, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described reality
Applying example is only a part of the embodiment of the present invention, and not all embodiments.Based on the embodiments of the present invention, those skilled in the art
Member's every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
In embodiments of the present invention, by taking API Access agent apparatus as an example, API Access agent apparatus is access agent device
Force policy execution point when data service API is accessed, referred to as " API agent ", API agent cooperates with access control system, tests
The facility information of the terminal of access target resource, the identity information of user are demonstrate,proved, realizes the access privilege control of API data interface.
Fig. 1 and Fig. 2 are please referred to, Fig. 1 is the flow diagram for the API Access control method that one embodiment of the invention provides,
Fig. 2 is the structural schematic diagram for the API Access agent apparatus that one embodiment of the invention provides, and is applied to access agent device, the party
Method mainly comprises the steps that
S101, during user's API resource controlled by preposition application access, intercept user sent out by preposition application
The access request sent;
Intercept Interview request, i.e., take over access request, and interception mode includes that DNS is intercepted, browser is intercepted, is based on
The interception of port, IP-based intercept, and gram access registrar mode are avoided to be bypassed.Above-mentioned interception process is as shown in Fig. 2
Access adapter tube.
Further, open port, wherein only opened according to agreed terms by the access main body of authorization identifying
It puts, which includes but is not limited to that port is knocked at the door.The process of the open-ended is that port shown in Fig. 2 hides,
That is the port default is not open, and only Open Dynamic is carried out to the access main body of authorization identifying, to reduce malice port
Scan bring risk.
Further, legitimacy detection is carried out to it, legitimacy detection is carried out to access request, legitimacy detection includes certainly
Dynamic program detection, malicious access detection and request size detection, and the request speed based on access request, request connection number, visit
It asks the period, flow control is carried out to access process.Above-mentioned legitimacy detection process is security hardening shown in Fig. 2.
S102, the identification identity information of user, the facility information of terminal of user, the identity information of preposition application and built-in
There is the facility information of the terminal of preposition application;
Further, authenticate the identity information of user, the facility information of the terminal of user, preposition application identity information and
It is built-in with the facility information of the terminal of preposition application, when the identity information of user, the facility information of the terminal of user, preposition application
Identity information and be built-in with preposition application terminal facility information be preset authentication information when, obtain access token, should
Access token is the object for describing process or thread-safe context, and the information that access token is included is related to user
Process or thread identity and authority information.After user passes through authentication, an access can be generated for user in system
Token.Later, which requests the access token that can all carry the application every time.Above-mentioned verification process is to scheme
Access registrar shown in 2.
Further, identify the identity information of user, the facility information of the terminal of user, preposition application identity information and
It is built-in with the facility information of the terminal of preposition application, identification is carried out to the access main body for the request that accesses, it will be appreciated that,
The access main body refer to the identity information of user, the facility information of the terminal of user, preposition application identity information and be built-in with
The facility information of the terminal of preposition application.
S103, when the environmental information of user or preposition application change, based on preset access control policy, response
The access request.
When preposition application carries access token access api interface, identification access request accesses main body, object and operation,
And contextual information and the access control system linkage of access request carry out delegated strategy judgement.Access main body, that is, user
Identity information, the facility information of the terminal of institute user, preposition application identity information, be built-in with preposition application terminal equipment
Information, object, that is, controlled API resource.Further, the forwarding plan that the request passed through to authorization is notified according to access control system
It is slightly forwarded, including is transmitted after as needed being converted the access token, to the request denied access of authorization failure
Or re-authentication is required, when receiving the notification information of access control system transmission, stop current accessed, that is, the session notified
When safe condition changes, revocation current sessions are forced.Above-mentioned control process is access control shown in Fig. 2.Wherein, for
The process of access request forwarding is access forwarding shown in Fig. 2.
Further, after the completion of entire licensing process, complete au-thorization log, network access traffic statistics etc. are recorded
Information, the including but not limited to identity information of user, the facility information of the terminal of user, the identity information of preposition application and built-in
The facility information for having the terminal of preposition application is the information such as preset authentication information, access time, api interface, flow, and is carried out
Log reports, and is easy to implement and carries out audit and security risk analysis to API Access.The process for wherein counting flowing of access can divide
Not Dui Yingyu access log in Fig. 2 and access audit, also settable interface be used to send log and flow.The interface can example
The interface being attached in for example Fig. 2 with risk trust evaluation system provides log and flow to the system.
In embodiments of the present invention, during user's API resource controlled by preposition application access, it is logical to intercept user
Cross the access request that preposition application is sent, identify the identity information of user, the facility information of the terminal of user, preposition application body
The facility information of part information and the terminal for being built-in with preposition application, when the environmental information of user or preposition application change,
Based on preset access registrar mode and preset access control policy, access request is responded, when the access environment of user occurs
When variation, lasting authorization decision is carried out, and response is executed according to the result of decision, enhance the safety of access.
Referring to Fig. 3, Fig. 3 is another structural schematic diagram for the API Access agent apparatus that further embodiment of this invention provides
The device can be API agent server, the device mainly includes:
Blocking module 201, for intercepting the use during user's API resource controlled by preposition application access
The access request that family is sent by preposition application;
Intercept Interview request, i.e., take over access request, and interception mode includes that DNS is intercepted, browser is intercepted, is based on
The interception of port, IP-based intercept, and gram access registrar mode are avoided to be bypassed.Above-mentioned interception process is as shown in Fig. 2
Access adapter tube.
Further, open port, wherein only opened according to agreed terms by the access main body of authorization identifying
It puts, which includes but is not limited to that port is knocked at the door.The process of the open-ended is that port shown in Fig. 2 hides,
That is the port default is not open, and only Open Dynamic is carried out to the access main body of authorization identifying, to reduce malice port
Scan bring risk.
Further, legitimacy detection is carried out to it, legitimacy detection is carried out to access request, legitimacy detection includes certainly
Dynamic program detection, malicious access detection and request size detection, and the request speed based on access request, request connection number, visit
It asks the period, flow control is carried out to access process.Above-mentioned legitimacy detection process is security hardening shown in Fig. 2.
Identification module 202, for identification the identity information of the user, the user terminal facility information, described
The facility information of the identity information of preposition application and the terminal for being built-in with the preposition application
Further, authenticate the identity information of user, the facility information of the terminal of user, preposition application identity information and
It is built-in with the facility information of the terminal of preposition application, when the identity information of user, the facility information of the terminal of user, preposition application
Identity information and be built-in with preposition application terminal facility information be preset authentication information when, obtain access token, should
Access token is the object for describing process or thread-safe context, and the information that access token is included is related to user
Process or thread identity and authority information.After user passes through authentication, an access can be generated for user in system
Token.Later, which requests the access token that can all carry the application every time.Above-mentioned verification process is to scheme
Access registrar shown in 2.
Further, identify the identity information of user, the facility information of the terminal of user, preposition application identity information and
It is built-in with the facility information of the terminal of preposition application, identification is carried out to the access main body for the request that accesses, it will be appreciated that,
The access main body refer to the identity information of user, the facility information of the terminal of user, preposition application identity information and be built-in with
The facility information of the terminal of preposition application.
Respond module 203, for when the environmental information of the user or preposition application change, based on preset visit
It asks control strategy, responds the access request.
When preposition application carries access token access api interface, identification access request accesses main body, object and operation,
And contextual information and the access control system linkage of access request carry out delegated strategy judgement.Access main body, that is, user
Identity information, the facility information of the terminal of institute user, preposition application identity information, be built-in with preposition application terminal equipment
Information, object, that is, controlled API resource.Further, the forwarding plan that the request passed through to authorization is notified according to access control system
It is slightly forwarded, including is transmitted after as needed being converted the access token, to the request denied access of authorization failure
Or re-authentication is required, when receiving the notification information of access control system transmission, stop current accessed, that is, the session notified
When safe condition changes, revocation current sessions are forced.Above-mentioned control process is access control shown in Fig. 2.Wherein, for
The process of access request forwarding is access forwarding shown in Fig. 2.
Further, after the completion of entire licensing process, complete au-thorization log, network access traffic statistics etc. are recorded
Information, the including but not limited to identity information of user, the facility information of the terminal of user, the identity information of preposition application and built-in
The facility information for having the terminal of preposition application is the information such as preset authentication information, access time, api interface, flow, and is carried out
Log reports, and is easy to implement and carries out audit and security risk analysis to API Access.The process for wherein counting flowing of access can divide
Not Dui Yingyu access log in Fig. 2 and access audit, also settable interface be used to send log and flow.The interface can example
The interface being attached in for example Fig. 2 with risk trust evaluation system provides log and flow to the system.
In embodiments of the present invention, during user's API resource controlled by preposition application access, it is logical to intercept user
Cross the access request that preposition application is sent, identify the identity information of user, the facility information of the terminal of user, preposition application body
The facility information of part information and the terminal for being built-in with preposition application, when the environmental information of user or preposition application change,
Based on preset access registrar mode and preset access control policy, access request is responded, when the access environment of user occurs
When variation, lasting authorization decision is carried out, and response is executed according to the result of decision, enhance the safety of access.
In multiple embodiments provided herein, it should be understood that disclosed device and method can pass through it
Its mode is realized.For example, embodiments described above is only schematical, for example, the division of the module, only
A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple module or components can combine or
Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual
Between coupling or direct-coupling or communication linkage can be through some interfaces, the INDIRECT COUPLING or communication linkage of module can
To be electrically mechanical or other forms.
The module as illustrated by the separation member may or may not be physically separated, aobvious as module
The component shown may or may not be physical module, it can and it is in one place, or may be distributed over multiple
On network module.Some or all of the modules therein can be selected to realize the mesh of this embodiment scheme according to the actual needs
's.
It, can also be in addition, each functional module in each embodiment of the present invention can integrate in a processing module
It is that modules physically exist alone, can also be integrated in two or more modules in a module.Above-mentioned integrated mould
Block both can take the form of hardware realization, can also be realized in the form of software function module.
It should be noted that for the various method embodiments described above, describing for simplicity, therefore, it is stated as a series of
Combination of actions, but those skilled in the art should understand that, the present invention is not limited by the sequence of acts described because
According to the present invention, certain steps can use other sequences or carry out simultaneously.Secondly, those skilled in the art should also know
It knows, the embodiments described in the specification are all preferred embodiments, and related actions and modules might not all be this hair
Necessary to bright.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, there is no the portion being described in detail in some embodiment
Point, it may refer to the associated description of other embodiments.
The above are the descriptions to API Access control method provided by the present invention and API Access agent apparatus, for ability
The those skilled in the art in domain, thought according to an embodiment of the present invention have change in specific embodiments and applications
Place, to sum up, the contents of this specification are not to be construed as limiting the invention.
Claims (10)
1. a kind of API Access control method is applied to access agent device characterized by comprising
During user's API resource controlled by preposition application access, intercept what the user was sent by preposition application
Access request;
Identify the identity information of the user, the facility information of the terminal of the user, the preposition application identity information and
It is built-in with the facility information of the terminal of the preposition application;
When the environmental information of the user or preposition application change, based on preset access registrar mode and preset visit
It asks control strategy, responds the access request.
2. API Access control method according to claim 1, which is characterized in that described based on preset access registrar side
Formula, responding the access request includes:
The facility information of the terminal of identity information, the user based on the user, the preposition application identity information, interior
It is equipped with facility information, the controlled API resource, the contextual information of the access request and the visit of the terminal of the preposition application
Ask that control system linkage carries out delegated strategy judgement.
3. API Access control method according to claim 2, which is characterized in that the interception user passes through preposition
Include: using the access request of transmission
According to agreed terms, open visit port.
4. API Access control method according to claim 3, which is characterized in that the interception user passes through preposition
Include: using the access request of transmission
Legitimacy detection is carried out to the access request, the legitimacy detection includes auto-programming detection, malicious access detection
With request size detection;
Request speed, request connection number, access-hours based on the access request, carry out flow control to access process.
5. API Access control method according to any one of claims 1 to 4, which is characterized in that the identification use
The identity information at family, the facility information of the terminal of the user, the preposition application identity information and be built-in with described preposition
The facility information of the terminal of application includes:
Authenticate the identity information of the user, the facility information of the terminal of user, the identity information of preposition application and before being built-in with
Set the facility information of the terminal of application;
When the identity information of the user, the facility information of the terminal of user, preposition application identity information and be built-in with preposition
When the facility information of the terminal of application is preset authentication information, access token is obtained, the access token is described for accessing
Controlled API resource.
6. API Access control method according to claim 5, which is characterized in that when the access request authorization passes through,
Then described based on preset access control policy, responding the access request includes:
The access request is forwarded according to forwarding strategy, and, after the access token is converted as needed
Transmitting.
7. API Access control method according to claim 6, which is characterized in that when authorization fails for the access request
When, then described based on preset access control policy, responding the access request includes:
Refuse the access request, or, returning to the information that need to carry out re-authentication to the preposition application.
8. API Access control method according to claim 7, which is characterized in that described based on preset access control plan
Slightly, responding the access request includes:
When receiving the notification information that the access control system is sent, stop current accessed.
9. API Access control method according to claim 8, which is characterized in that described based on preset access control plan
Slightly, responding the access request includes:
When the access request is the access request that certification passes through, record certification log, and count the access process kind and produce
Raw flowing of access.
10. a kind of API Access agent apparatus characterized by comprising
Blocking module intercepts before the user passes through for during user's API resource controlled by preposition application access
It sets using the access request sent;
Identification module, for identification identity information of the user, the facility information of the terminal of the user, the preposition application
Identity information and be built-in with the preposition application terminal facility information;
Respond module, for when the environmental information of the user or preposition application change, based on preset access registrar
Mode and preset access control policy, respond the access request.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910108753.7A CN109600399A (en) | 2019-02-02 | 2019-02-02 | API Access control method and API Access agent apparatus |
| CN201910693985.3A CN110300125B (en) | 2019-02-02 | 2019-07-29 | API access control method and API access proxy device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910108753.7A CN109600399A (en) | 2019-02-02 | 2019-02-02 | API Access control method and API Access agent apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109600399A true CN109600399A (en) | 2019-04-09 |
Family
ID=65967201
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910108753.7A Pending CN109600399A (en) | 2019-02-02 | 2019-02-02 | API Access control method and API Access agent apparatus |
| CN201910693985.3A Active CN110300125B (en) | 2019-02-02 | 2019-07-29 | API access control method and API access proxy device |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910693985.3A Active CN110300125B (en) | 2019-02-02 | 2019-07-29 | API access control method and API access proxy device |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN109600399A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109981684A (en) * | 2019-04-12 | 2019-07-05 | 浙江中烟工业有限责任公司 | A kind of implementation method based on application proxy coutroi velocity |
| CN110049046A (en) * | 2019-04-19 | 2019-07-23 | 北京奇安信科技有限公司 | Access control method, terminal, server and system |
| CN112311788A (en) * | 2020-10-28 | 2021-02-02 | 北京锐安科技有限公司 | Access control method, device, server and medium |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110851456B (en) * | 2019-11-08 | 2022-03-29 | 北京字节跳动网络技术有限公司 | Information processing method, electronic equipment and storage medium |
| CN112637026B (en) * | 2020-12-21 | 2022-11-29 | 厦门亿联网络技术股份有限公司 | Access forwarding method and system for global service request |
| CN113420312B (en) * | 2021-07-08 | 2022-04-26 | 山东浪潮超高清视频产业有限公司 | Method for dynamically controlling API interface access |
| CN114329602B (en) * | 2021-12-30 | 2024-06-25 | 奇安信科技集团股份有限公司 | Access control method, server, electronic equipment and storage medium |
| CN115348035A (en) * | 2022-08-17 | 2022-11-15 | 中国电信股份有限公司 | Access request processing method and device, storage medium and electronic equipment |
| CN116132198B (en) * | 2023-04-07 | 2023-07-25 | 杭州海康威视数字技术股份有限公司 | Internet of things privacy behavior sensing method and device based on lightweight context semantics |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102340493A (en) * | 2010-07-21 | 2012-02-01 | 中兴通讯股份有限公司 | Access control method and gateway |
| CN103020498B (en) * | 2012-11-19 | 2016-06-22 | 广东亚仿科技股份有限公司 | A kind of intelligent dynamic mandatory control method and system |
| US9432375B2 (en) * | 2013-10-10 | 2016-08-30 | International Business Machines Corporation | Trust/value/risk-based access control policy |
| CN104811465B (en) * | 2014-01-27 | 2018-06-01 | 电信科学技术研究院 | The decision-making technique and equipment of a kind of access control |
| CN104639650B (en) * | 2015-02-27 | 2018-07-31 | 新华三技术有限公司 | A kind of fine granularity distributed interface access control method and device |
| US10129255B1 (en) * | 2017-05-12 | 2018-11-13 | International Business Machines Corporation | Device authentication with MAC address and time period |
| CN107704765A (en) * | 2017-08-28 | 2018-02-16 | 深圳市诚壹科技有限公司 | A kind of interface access method, server and computer-readable recording medium |
-
2019
- 2019-02-02 CN CN201910108753.7A patent/CN109600399A/en active Pending
- 2019-07-29 CN CN201910693985.3A patent/CN110300125B/en active Active
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109981684A (en) * | 2019-04-12 | 2019-07-05 | 浙江中烟工业有限责任公司 | A kind of implementation method based on application proxy coutroi velocity |
| CN110049046A (en) * | 2019-04-19 | 2019-07-23 | 北京奇安信科技有限公司 | Access control method, terminal, server and system |
| CN112311788A (en) * | 2020-10-28 | 2021-02-02 | 北京锐安科技有限公司 | Access control method, device, server and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110300125A (en) | 2019-10-01 |
| CN110300125B (en) | 2022-07-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109600399A (en) | API Access control method and API Access agent apparatus | |
| US8984621B2 (en) | Techniques for secure access management in virtual environments | |
| US7320141B2 (en) | Method and system for server support for pluggable authorization systems | |
| McDaniel | On context in authorization policy | |
| AU2023223007A1 (en) | Secure online access control to prevent identification information misuse | |
| US20140130142A1 (en) | Method and Cloud Security Framework for Implementing Tenant License Verification | |
| Maksutov et al. | Detection and prevention of DNS spoofing attacks | |
| CN112383535B (en) | Method and device for detecting Hash transfer attack behavior and computer equipment | |
| CN110365684B (en) | Access control method and device for application cluster and electronic equipment | |
| Lynch | A White Paper on the Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources | |
| US12061686B2 (en) | Pre-registration of authentication devices | |
| US11595372B1 (en) | Data source driven expected network policy control | |
| WO2009099708A1 (en) | Activation by trust delegation | |
| CN109218329A (en) | A kind of method and system authenticated using NetData-Auth user authentication frame | |
| Phumkaew et al. | Android forensic and security assessment for hospital and stock-and-trade applications in thailand | |
| US11146544B2 (en) | Emulation of federative authentication | |
| Helmschmidt | Security Analysis of the Grant Negotiation and Authorization Protocol | |
| Jensen et al. | Policy expression and enforcement for handheld devices | |
| EP1924945A2 (en) | Method for improving the trustworthiness of electronic devices and data carrier therefor | |
| Rao et al. | A study of network attacks and features of secure protocols | |
| Tiwari | Securing Shared Network Functions in 5G: Preventing Unauthorized Slice Access | |
| US20230385207A1 (en) | Methods and apparatus for communication between processing circuitry and a peripheral device | |
| Pardakhe et al. | Consortium-Based Algorithm for Access Control and Pattern Analysis Models | |
| Singh et al. | Data Security in Local Network through Distributed Firewalls: A Review | |
| CN116405266A (en) | Trust evaluation method and system based on zero trust alliance system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190409 |