Blockchain-based method and system for SDP access control

US12355901B2 · US · B2

Patent metadata

Publication number: US-12355901-B2
Application number: US-202118259795-A
Country: US
Kind code: B2
Filing date: Dec 30, 2021
Priority date: Jan 4, 2021
Publication date: Jul 8, 2025
Grant date: Jul 8, 2025

Abstract

Official abstract text for this publication.

Provided in embodiments of the present disclosure are a blockchain-based method and system for SDP access control. An SDP connection accepting host transmits its host information and a supported connection policy to a blockchain system node, which performs blockchain node verification and consensus and records them in a blockchain ledger; an SDP connection initiating host submits an identity authentication request to the blockchain system node; the blockchain system node verifies the information in the identity authentication request, searches for the list of SDP connection accepting hosts accessible to the SDP connection initiating host, and returns that list to the SDP connection initiating host; the SDP connection initiating host initiates a connection request comprising the blockchain system node's signature with respect to the SDP connection accepting hosts; the SDP connection accepting host verifies the connection request initiated by the SDP connection initiating host and provides an access service upon successful verification. The embodiments of the present disclosure prevent an SDP controller from coming under a DDoS attack and prevent the SDP controller from implementing an incorrect authorization.

Claims

Claim text for this publication.

The invention claimed is:

1. A method for blockchain-based access control of Software Defined Perimeter (SDP), comprising: transmitting, by an SDP connection accepting host, to-be-verified information to a blockchain system node, the to-be-verified information comprising host information and a supported connection policy of the SDP connection accepting host, so that the to-be-verified information will be verified by the blockchain system node, and be recorded into a blockchain ledger after the verification is successful, wherein the host information of the SDP connection accepting host comprises at least one of: an Internet Protocol (IP) address, a port, or protocol information; and the supported connection policy comprises at least one of: a login identity (ID), an IP address and a geographic location of an access user, or a blockchain node verification or endorsement policy; receiving, by the SDP connection accepting host, a connection request transmitted by an SDP connection initiating host, the connection request comprising signature information made by the blockchain system node for the SDP connection accepting host in a list of SDP connection accepting hosts, wherein the signature information made by the blockchain system node for the SDP connection accepting host in the list of SDP connection accepting hosts comprises signatures made by one or more blockchain system nodes determined according to the blockchain node verification or endorsement policy; and verifying, by the SDP connection accepting host, the signature information according to the supported connection policy when the SDP connection accepting host is in the list of SDP connection accepting hosts, and transmitting, by the SDP connection accepting host, a request response to the SDP connection initiating host after the verification is successful.

2. The method for blockchain-based access control of SDP of claim 1, wherein the to-be-verified information further comprises a signature of the SDP connection accepting host for the host information and the supported connection policy.

3. A Software Defined Perimeter (SDP) connection accepting host for implementing the method of claim 1, comprising a processor and a memory having stored thereon a program executable on the processor, wherein the processor is configured to execute the program stored in the memory to perform steps of the method.

4. A method for blockchain-based access control of Software Defined Perimeter (SDP), comprising: receiving, by a blockchain system node, to-be-verified information transmitted by an SDP connection accepting host, the to-be-verified information comprising host information and a supported connection policy of the SDP connection accepting host; verifying, by the blockchain system node, the to-be-verified information and recording the information into a blockchain ledger after the verification is successful; receiving, by the blockchain system node, an identity authentication request submitted by an SDP connection initiating host; and verifying, by the blockchain system node, the identity authentication request, searching in a blockchain, by the blockchain system node, for a list of SDP connection accepting hosts accessible to the SDP connection initiating host after the verification is successful, and returning, by the blockchain system node, the list of SDP connection accepting hosts to the SDP connection initiating host, wherein when the SDP connection initiating host signs a timestamp with its own private key in the identity authentication request, verifying, by the blockchain system node, the identity authentication request comprises: verifying, by the blockchain system node, a signature and timestamp submitted by the SDP connection initiating host.

5. The method for blockchain-based access control of SDP of claim 4, wherein the to-be-verified information further comprises a signature of the SDP connection accepting host for the host information and the supported connection policy.

6. The method for blockchain-based access control of SDP of claim 4, wherein when the identity authentication request comprises a Key Derivation Function (KDF) or encrypted information of the KDF with a public key of an authentication node, verifying, by the blockchain system node, the identity authentication request further comprises: verifying, by the blockchain system node, whether the KDF is correct.

7. The method for blockchain-based access control of SDP of claim 4, wherein when the identity authentication request comprises a token or encrypted information of the token with a public key of an authentication node, verifying, by the blockchain system node, the identity authentication request further comprises: verifying, by the blockchain system node, whether the token is correct.

8. A blockchain system node for implementing the method of claim 4, comprising a processor and a memory having stored thereon a program executable on the processor, wherein the processor is configured to execute the program stored in the memory to perform steps of the method.

9. A method for blockchain-based access control of Software Defined Perimeter (SDP), comprising: transmitting, by an SDP connection initiating host, an identity authentication request to a blockchain system node; receiving, by the SDP connection initiating host, a list of SDP connection accepting hosts accessible to the SDP connection initiating host transmitted by the blockchain system node; transmitting, by the SDP connection initiating host, a connection request to an SDP connection accepting host in the list of SDP connection accepting hosts, the connection request comprising signature information made by the blockchain system node for the SDP connection accepting host in the list of SDP connection accepting hosts, wherein the signature information made by the blockchain system node for the SDP connection accepting host in the list of SDP connection accepting hosts comprises signatures made by one or more blockchain system nodes determined according to a blockchain node verification or endorsement policy; and receiving, by the SDP connection initiating host, a request response transmitted by the SDP connection accepting host.

10. The method for blockchain-based access control of SDP of claim 9, wherein the SDP connection initiating host signs a timestamp with its own private key in the identity authentication request.

11. The method for blockchain-based access control of SDP of claim 9, wherein when the SDP connection initiating host and an authentication node share a user name and secret information, the identity authentication request comprises a KDF or encrypted information of the KDF with a public key of the authentication node.

12. The method for blockchain-based access control of SDP of claim 9, wherein when the SDP connection initiating host has a token provided by an authentication node, the identity authentication request comprises the token or encrypted information of the token with a public key of the authentication node.

13. A Software Defined Perimeter (SDP) connection initiating host for implementing the method of claim 9, comprising a processor and a memory having stored thereon a program executable on the processor, wherein the processor is configured to execute the program stored in the memory to perform steps of the method.
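The exchange the claims describe, as an added example that is not part of the patent or of any implementation by the assignee: an accepting host registers its host information and connection policy in a ledger, the node verifies an initiating host's signed timestamp and returns the list of reachable hosts with one endorsement per node named in each host's endorsement policy, and the accepting host admits the connection request only if enough endorsements verify. HMAC tags with constructed keys stand in for the private-key signatures of the claims, and the freshness window, policy field names and threshold rule are assumptions of this example.

```python
import hashlib, hmac, json

# Constructed keys. HMAC tags stand in for the private-key signatures of the
# claims (assumption of this example); a deployment would use asymmetric keys.
NODE_KEYS = {"node-A": b"nA-secret", "node-B": b"nB-secret", "node-C": b"nC-secret"}
USER_KEYS = {"alice": b"alice-secret"}
FRESHNESS = 60  # seconds a signed timestamp stays valid (assumed window)

def canon(obj):
    """Canonical JSON so signer and verifier tag identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def tag(key, obj):
    return hmac.new(key, canon(obj), hashlib.sha256).hexdigest()

def register(ledger, host, policy):
    """Accepting host -> node: host info plus its supported connection policy."""
    ledger.append({"host": host, "policy": policy})

def authenticate(ledger, req, now):
    """Node: verify the initiator's signed timestamp, then return the list of
    accessible hosts, each entry endorsed by the nodes its policy names."""
    login, ts = req["login"], req["ts"]
    if login not in USER_KEYS or abs(now - ts) > FRESHNESS:
        return None
    expected = tag(USER_KEYS[login], {"login": login, "ts": ts})
    if not hmac.compare_digest(req["sig"], expected):
        return None
    result = []
    for rec in ledger:
        if login not in rec["policy"]["logins"]:
            continue  # this host's policy does not admit the login ID
        entry = {"host": rec["host"], "login": login, "ts": now}
        sigs = {n: tag(NODE_KEYS[n], entry) for n in rec["policy"]["endorsers"]}
        result.append({"entry": entry, "sigs": sigs})
    return result

def accept(self_host, policy, conn, now):
    """Accepting host: admit the connection request only if the entry names this
    host and an allowed login, is fresh, and carries enough valid endorsements."""
    entry, sigs = conn["entry"], conn["sigs"]
    if entry["host"] != self_host or entry["login"] not in policy["logins"]:
        return False
    if abs(now - entry["ts"]) > FRESHNESS:
        return False
    valid = sum(1 for n in policy["endorsers"]
                if n in sigs and hmac.compare_digest(sigs[n], tag(NODE_KEYS[n], entry)))
    return valid >= policy["threshold"]
```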

Assignees

China Mobile Communications Group Co Ltd, China Mobile Comm Co Ltd Res Inst
Classifications

  • using hash chains, e.g. blockchains or hash trees · CPC title

  • Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title

  • H04L9/3297 (primary): involving time stamps, e.g. generation of time stamps · CPC title

  • involving digital signatures · CPC title

  • by securing the transmission between two devices or processes · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
China Mobile Communications Group Co Ltd, China Mobile Comm Co Ltd Res Inst
What technology area does this patent fall under?
Primary CPC classification H04L9/3297. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 8, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).