Communication Encryption and Trusted Identity
Communication between the training-side plugin and the server can establish a protected communication channel through secure transport protocols such as TLS. This mechanism encrypts transmitted content and uses integrity checks to reduce the risk of eavesdropping, tampering, or forgery during network transmission.
- Transmission encryption: Encrypts training status, control results, authentication information, and API call content during transmission.
- Certificate validation: Verifies the authenticity, validity period, and certificate chain of the server certificate when establishing a connection, helping prevent connections to forged services.
- Trusted connection: In scenarios with higher security requirements, mutual certificate authentication can be used to restrict access from unauthorized training-side clients or service nodes.
- Key protection: API KEYs are generated, distributed, and stored through controlled methods to avoid plaintext exposure.
Access Control and Task Isolation
The product applies identity authentication and access authorization mechanisms during access, invocation, and management. The system can configure access control rules based on users, applications, tasks, or tenants, ensuring authenticated entities can access only the APIs, tasks, and alert information they are authorized to use.
- Identity authentication: Confirms the accessing subject through user IDs, API KEYs, tokens, or certificate information.
- Permission separation: Sets access boundaries for different users, tasks, and applications to prevent unauthorized access.
- Illegal request rejection: Rejects requests with unknown identity, invalid credentials, failed certificate validation, or insufficient permissions.
- Multi-task isolation: Maintains monitoring context, alert history, and notification records by task to prevent information from different tasks from being mixed.
Program Delivery and Runtime Protection
To protect the user's training environment and task execution process, and to reduce the risk that core product logic is tampered with, replaced, or maliciously used after delivery, EcoTrain applies modular packaging and delivery protection measures aligned with common industry practices to the training-side plugin and key components. These measures are intended to protect the integrity of product algorithm logic, authentication flows, and key execution paths, prevent abnormal components from affecting training results, leaking sensitive information, or disrupting user training tasks, and provide users with a more trusted, stable, and secure runtime environment.
