CN100352220C - Safety access method based on dynamic host configuration arrangment and network gate verification - Google Patents

Publication number: CN100352220C
Authority: CN (China)
Prior art keywords: broadband access, client, ipsec, described client, access equipment
Legal status: Expired - Fee Related
Application number: CNB2004100915399A
Other languages: Chinese (zh)
Other versions: CN1780244A (en)
Inventors: 赵真富, 王东, 郭钟
Current assignee: ZTE Corp
Original assignee: ZTE Corp

Abstract

The invention relates to an IPSEC secure access method based on DHCP+WEB PORTAL authentication. The IPSEC security service and policy management are enabled on the DHCP client, and the IPSEC security service and access-user security policy management are enabled on the broadband access device. After the client obtains an IP address, it creates an IPSEC security policy under which HTTP packets exchanged with the broadband access device and the authentication server are not protected. After the client passes authentication, the broadband access device decides from the authentication result whether to enable the IPSEC function; if so, it extracts the IPSEC attribute, determines the IPSEC security policy to adopt, and triggers IKE negotiation with the client to generate an IPSEC security association, so that outgoing IP packets between the client and the broadband access device are encrypted. The established IPSEC tunnel is destroyed after the client goes offline. The method realizes an operable and manageable service based on IPSEC secure access.

Description

Secure access method based on Dynamic Host Configuration Protocol and web portal authentication
Technical field
The invention relates to secure access methods for broadband local area networks, and in particular to an IP Security (IPSEC) secure access method based on Dynamic Host Configuration Protocol and web portal (DHCP+WEB PORTAL) authentication.
Background
With the rapid development of WLAN (broadband wireless local area network) technology, WLANs are used ever more widely and by ever more users, yet the WEP (Wired Equivalent Privacy) technology used on the WLAN radio link cannot effectively protect users' information. To promote wide adoption of WLAN, the security problem of the radio link urgently needs to be solved.
At present, besides security measures at the MAC/LLC layer, a more effective way to secure the radio link is IP-based secure virtual private network (VPN) technology, namely IPSEC VPN. With IPSEC, a tunnel-mode secure channel is built between the STA (station) side and the broadband access device; applying encryption, authentication, signatures and similar means greatly improves the security of WLAN user data traffic and solves the security problem of WLAN access users well.
However, IPSEC is currently used mainly to build secure VPNs over public networks; IPSEC VPN has not been built into an operable, manageable access service. For example, when an operator provides broadband WLAN user access using DHCP+WEB PORTAL authentication, how to tie the user's IPSEC VPN requirement to the user's authentication, billing and so on, so as to realize IPSEC secure access based on DHCP+WEB PORTAL authentication, becomes the key to operating an IPSEC secure access service.
Summary of the invention
The technical problem to be solved by the invention is to provide a secure access method based on Dynamic Host Configuration Protocol and web portal authentication that realizes IPSEC secure access based on DHCP+WEB PORTAL authentication.
To solve this technical problem, the invention provides a secure access method based on Dynamic Host Configuration Protocol and web portal authentication, comprising the following steps:
(a) enabling the IP security protocol security service and policy management on the client that uses DHCP, and enabling web portal access authentication, the IP security protocol security service and access-user security policy management on the broadband access device connected to it;
(b) after the client dynamically obtains an IP address from the broadband access device, creating a tunnel-mode IP security protocol security policy from that IP address, under which HTTP packets from the client to the broadband access device and the RADIUS server are not protected;
(c) the client initiates a web portal authentication request; after authentication passes, the RADIUS server returns to the broadband access device an authentication result that includes the client's IP security protocol attribute information;
(d) the broadband access device extracts the client's IP security protocol attribute from the authentication result, enables the IP security protocol function and determines the IP security protocol security policy to adopt, and triggers Internet Key Exchange negotiation with the client to generate an IP security protocol security association;
(e) the client encrypts IP packets that it sends to external devices through the broadband access device; the broadband access device encrypts IP packets that it forwards to the client, and decrypts IP packets sent by the client before forwarding them to the destination device;
(f) after the client goes offline, the broadband access device destroys the IP security protocol tunnel with the client.
Further, the above secure access method may also have the following feature: the access is broadband wireless local area network access.
Further, the above secure access method may also have the following feature: after the IP security protocol security association is generated, the RADIUS server bills according to the user's information, including the IP security protocol attribute, and stops billing after the client goes offline.
Further, the above secure access method may also have the following feature: the client configures Internet Key Exchange negotiation in active negotiation mode, and step (e) is further divided into the following steps:
(e11) when the client accesses an external device through the broadband access device, it first checks whether the IP security protocol tunnel has been established; if not, the next step is performed; otherwise step (e13) is performed;
(e12) the client triggers Internet Key Exchange negotiation with the broadband access device to generate an IP security protocol security association with the broadband access device;
(e13) the client sends the encrypted IP packets destined for the external device to the broadband access device, which decrypts them and forwards them to the external device;
(e14) the broadband access device encrypts IP packets sent by the external device to the client and then forwards them to the client.
Further, the above secure access method may also have the following feature: the client configures Internet Key Exchange negotiation in passive negotiation mode, and step (e) is further divided into the following steps:
(e21) when the client accesses an external device through the broadband access device, it first checks whether the IP security protocol tunnel has been established; if not, it sends plaintext packets directly and the next step is performed; otherwise step (e23) is performed;
(e22) after the broadband access device receives a plaintext packet from the client, if it finds that the IP security protocol tunnel with the client has not been established, it triggers Internet Key Exchange negotiation with the client again to generate an IP security protocol security association with the client;
(e23) the client sends the encrypted IP packets destined for the external device to the broadband access device, which decrypts them and forwards them to the external device;
(e24) the broadband access device encrypts IP packets sent by the external device to the client and then forwards them to the client.
As can be seen from the above, for broadband user access schemes based on DHCP+WEB PORTAL authentication, the invention implements in the broadband access device a tunnel-mode IPSEC secure VPN access method between the DHCP user and the broadband access device, driven by the WEB PORTAL authentication result. It thereby protects the network information security of broadband access users (including WLAN access users) to the greatest extent, realizes an operable and manageable service based on IPSEC secure access, and provides a good solution for the secure access of broadband users (including WLAN users).
Description of drawings
Fig. 1 is a network diagram of enterprise INTERNET access in an embodiment of the invention.
Fig. 2 is a flow chart of broadband access processing in an embodiment of the invention.
Embodiment
The goal of an operable, manageable IPSEC VPN is as follows. When a DHCP user has not passed authentication, the user cannot access external networks through the broadband access device of the ISP (network access service provider) and cannot establish an IPSEC secure tunnel with the broadband access device to protect the network data flow between the DHCP user and other users. After the DHCP user logs in to the WEB PORTAL server and passes authentication, the broadband access device uses the IPSEC protection policy attribute returned with the authentication result to decide whether to trigger IKE (Internet Key Exchange) negotiation to establish an IPSEC protection tunnel, and billing is performed accordingly. When the user goes offline, the established IPSEC tunnel is removed and billing stops. This realizes the operation of an IPSEC secure access service for WLAN users. The method of the invention is described in detail below with an embodiment.
A large enterprise needs to connect its internal network users (including WLAN users) to the INTERNET. To simplify the management of access users, it adopts the DHCP+WEB PORTAL user access method. As shown in Fig. 1, the system comprises a DHCP client, a ZXR10 broadband access device, the INTERNET, a RADIUS (Remote Authentication Dial-In User Service) server, an FTP server and so on, with the WEB PORTAL server built into the ZXR10 broadband access device.
Suppose a DHCP (Dynamic Host Configuration Protocol) user needs to access the INTERNET. To secure IP communication between the DHCP user, in particular a WLAN-based DHCP user, and the ZXR10 broadband access device, an IPSEC secure tunnel must be established between the DHCP user and the ZXR10 broadband access device. To provide a convenient, fast, secure, operable and manageable means of IPSEC secure access, this embodiment makes the following improvements to the original system:
The "IPSEC security service" and "IPSEC policy management" software modules reside on the DHCP client, where:
The "IPSEC security service" module implements the standard IPSEC protocol functions, including the IKE (Internet Key Exchange) function and the IPSEC encryption and decryption functions. Clients running the WINDOWS operating system can use its built-in "IPSEC security service" software; clients running other operating systems need to install corresponding "IPSEC security service" software.
The "IPSEC policy management" module dynamically creates a tunnel-mode IPSEC security policy from the IP address assigned to the DHCP user (the IP address information is required). The IPSEC security policy of this embodiment contains the following:
(1) HTTP packets between the DHCP client and the broadband access device or WEB PORTAL server are not protected by IPSEC, so that packets such as the DHCP user's WEB PORTAL authentication and offline requests bypass IPSEC and processes such as WEB PORTAL authentication and going offline proceed normally. This rule is mandatory.
(2) The IPSEC protection policy is configured for either active or passive negotiation. Passive negotiation avoids the IKE negotiation that the DHCP client might otherwise initiate before authentication, which would generate extra illegitimate IKE negotiation traffic; however, before an available IPSEC security policy has been negotiated, the DHCP client may send plaintext packets to the outside, which is a security risk. With active negotiation, a DHCP client that has not yet negotiated an available IPSEC security policy triggers IKE negotiation to generate the IPSEC security policy and only then sends encrypted packets to the outside; it does not send plaintext packets directly. This embodiment is configured for active negotiation.
(3) According to the user's requirements, corresponding IPSEC protection policies are created for the data flows that need protection.
The ZXR10 broadband access device supports DHCP+WEB PORTAL authentication to give DHCP users INTERNET access. This embodiment uses the built-in WEB PORTAL server for DHCP user access, while authentication and billing are performed by the back-end RADIUS server. In addition, the "IPSEC security service" process and the "access-user security policy management" process must reside on the broadband access device, where:
The "IPSEC security service" process implements the standard IPSEC protocol functions. The IPSEC function is the basis of IPSEC secure access and mainly comprises IKE negotiation and IPSEC processing.
The "access-user security policy management" process uses the authentication result and IPSEC attribute returned by RADIUS to decide whether to enable the IPSEC function for the user and, if so, which IPSEC security policy to adopt. The IPSEC security policy includes: multiple encryption (decryption) algorithms, multiple authentication algorithms, session keys, key update periods and so on. From these policies, the two sides' IKE negotiation determines the matching encryption (decryption) algorithm, authentication algorithm, session key, key update period and so on.
The RADIUS server performs user authentication and billing. The client's IPSEC attribute is also configured on this server; after authentication passes, the authentication result that the server returns to the ZXR10 broadband access device carries the IPSEC attribute of the corresponding client. The RADIUS server also bills according to whether the user has the IPSEC function enabled and which IPSEC security policy is adopted.
With these improvements, the system combines IPSEC secure access with an operable, manageable access service. The processing flow is shown in Fig. 2 (the RADIUS server is not shown in the figure) and comprises the following steps:
Step 1: the IPSEC security service and IPSEC policy management are enabled on the DHCP client, and WEB PORTAL access authentication, the IPSEC security service and access-user security policy management are enabled on the broadband access device;
Step 2: the DHCP client initiates an IP address lease request and, after the DHCP protocol exchange completes, obtains a leased IP address from the ZXR10 broadband access device;
Step 3: the DHCP client dynamically creates its IPSEC security policy from the dynamically obtained IP address, bypassing HTTP packets between the DHCP client and the broadband access device or WEB PORTAL server;
Step 4: the DHCP client initiates a WEB PORTAL authentication request; after authentication passes, the RADIUS server returns the authentication result (containing the IPSEC attribute) to the ZXR10 broadband access device, and the ZXR10 broadband access device sends an authentication-success message to the DHCP client;
Step 5: based on the authentication result returned by RADIUS and the IPSEC attribute extracted from it, the ZXR10 broadband access device enables the IPSEC function and determines the IPSEC security policy to adopt;
Step 6: the ZXR10 broadband access device triggers IKE negotiation; when negotiation completes, the IPSEC security association is generated and the IPSEC protection tunnel is established; at the same time, the RADIUS server bills according to the user's information, including the IPSEC attribute;
Step 7: when the DHCP client accesses an external device through the ZXR10 broadband access device, it first checks whether the IPSEC secure tunnel has been established (the tunnel may not have been established because of an abnormal condition, although the figure treats the IPSEC security association as established); if not, the next step is performed; otherwise step 9 is performed;
Step 8: the DHCP client triggers IKE negotiation with the ZXR10 broadband access device to generate the corresponding IPSEC security association;
Step 9: the DHCP client sends the encrypted outgoing IP packets to the ZXR10 broadband access device, which decrypts them and forwards them to the INTERNET host;
Step 10: for packets that the INTERNET host returns to the DHCP client, the ZXR10 broadband access device encrypts them and then forwards them to the DHCP client, thereby realizing secure access;
Step 11: the DHCP client sends an offline request to the ZXR10 broadband access device; the ZXR10 broadband access device destroys the IPSEC tunnel with the DHCP client, and the RADIUS server stops billing.
The above embodiment admits various other variations. For example, if the client is configured for passively triggered IKE negotiation, the broadband access device checks whether the tunnel has been established and, if it has not, the broadband access device triggers IKE negotiation again. Specifically, steps 7 and 8 can be replaced with the following steps, with the remaining steps unchanged.
Step 7': when the DHCP client accesses an external device through the ZXR10 broadband access device, it first checks whether the IPSEC secure tunnel has been established; if not, it sends plaintext packets directly without triggering IKE negotiation and the next step is performed; if so, step 9 is performed;
Step 8': after the ZXR10 broadband access device receives a plaintext packet from the DHCP client, if it finds that the IPSEC secure tunnel with the DHCP client has not been established, it triggers IKE negotiation with the DHCP client again to generate the corresponding IPSEC security association;
In addition, the authentication server may be configured with only IPSEC attribute identifiers. Each IPSEC attribute identifier represents one IPSEC security policy configured on the broadband access device; only the identifier needs to be configured on the authentication server, and the broadband access device looks up the corresponding IPSEC security policy by this identifier.
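The access-device side of steps 2 to 11, including the passive-negotiation variant (steps 7' and 8') and the identifier-only RADIUS variant, as an added Python sketch that is not code from the patent or from ZTE. Class and method names, the policy identifiers and values, port 80 for the portal, the addresses, and the choices to fail closed on an unknown identifier and to drop plaintext once a tunnel exists are assumptions of the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Constructed sample policies keyed by the IPSEC attribute identifier that RADIUS
# returns (identifier-only variant). Identifiers and values are made up.
POLICIES = {
    "ipsec-high": {"encryption": "aes-cbc", "auth": "hmac-sha1", "rekey_s": 3600},
    "ipsec-std": {"encryption": "3des-cbc", "auth": "hmac-sha1", "rekey_s": 28800},
}

class Action(Enum):
    BYPASS = "http-bypass"            # portal HTTP is never IPSEC-protected
    DROP = "drop"
    FORWARD_PLAIN = "forward-plain"   # authenticated user with no IPSEC attribute
    TRIGGER_IKE = "trigger-ike"       # IPSEC required but no security association
    DECRYPT_FORWARD = "decrypt-forward"

@dataclass
class Session:
    authenticated: bool = False
    policy: Optional[dict] = None
    sa_up: bool = False

class AccessDevice:
    def __init__(self, portal_ip, policies, portal_port=80):
        self.portal = (portal_ip, portal_port)
        self.policies = policies
        self.sessions = {}
        self.events = []           # audit trail: IKE, accounting, teardown
        self.ike_succeeds = True   # hook standing in for a real IKE exchange

    def dhcp_lease(self, ip):
        # Step 2: the client has an address but no access rights yet.
        self.sessions[ip] = Session()

    def on_radius_result(self, ip, accepted, ipsec_attr=None):
        # Steps 4-6: apply the authentication result and its IPSEC attribute.
        s = self.sessions[ip]
        if not accepted:
            return s
        if ipsec_attr is not None and ipsec_attr not in self.policies:
            # Assumption: fail closed on an identifier the device does not know.
            raise ValueError(f"unknown IPSEC attribute identifier: {ipsec_attr}")
        s.authenticated = True
        if ipsec_attr is not None:
            s.policy = self.policies[ipsec_attr]
            self._ike(ip, s)
        return s

    def _ike(self, ip, s):
        self.events.append(("ike", ip))
        if self.ike_succeeds:
            s.sa_up = True
            self.events.append(("acct-start", ip))  # billing follows SA generation

    def on_packet(self, src, dst_ip, dst_port, encrypted):
        # Forwarding decision for one packet arriving from a client.
        s = self.sessions.get(src)
        if s is None:
            return Action.DROP
        if (dst_ip, dst_port) == self.portal and not encrypted:
            return Action.BYPASS
        if not s.authenticated:
            return Action.DROP
        if s.policy is None:
            return Action.DROP if encrypted else Action.FORWARD_PLAIN
        if not s.sa_up:
            # Step 8': the device re-triggers IKE. Not forwarding the packet
            # that triggered it is an assumption of this sketch.
            self._ike(src, s)
            return Action.TRIGGER_IKE
        # Assumption: once a tunnel exists, plaintext from the client is dropped.
        return Action.DECRYPT_FORWARD if encrypted else Action.DROP

    def on_offline(self, ip):
        # Step 11: destroy the tunnel, stop accounting, return to pre-auth state.
        s = self.sessions.get(ip)
        if s is None:
            return
        if s.sa_up:
            self.events += [("sa-destroyed", ip), ("acct-stop", ip)]
        s.authenticated, s.policy, s.sa_up = False, None, False

def run_demo():
    # Scripted walk through the flow using constructed documentation addresses.
    dev = AccessDevice("192.0.2.1", POLICIES)
    client, host = "192.0.2.50", "198.51.100.7"
    dev.dhcp_lease(client)
    out = [dev.on_packet(client, host, 443, False),         # before authentication
           dev.on_packet(client, "192.0.2.1", 80, False)]   # portal login
    dev.ike_succeeds = False                                # abnormal case: no SA
    dev.on_radius_result(client, True, "ipsec-high")
    dev.ike_succeeds = True
    out.append(dev.on_packet(client, host, 443, False))     # passive client, plaintext
    out.append(dev.on_packet(client, host, 443, True))      # tunnel now established
    dev.on_offline(client)
    out.append(dev.on_packet(client, host, 443, True))      # after going offline
    return out, dev.events
```

The event list doubles as the record an operator would reconcile against RADIUS accounting: every "acct-start" should be preceded by an "ike" entry and closed by an "sa-destroyed" and "acct-stop" pair.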
In summary, the "IPSEC secure access method based on DHCP+WEB PORTAL authentication" of the invention fully meets users' needs with the advantages of being convenient, fast, secure, manageable and operable, and provides sufficient security guarantees for users' secure communication.

Claims (5)

1. A secure access method based on Dynamic Host Configuration Protocol and web portal authentication, comprising the following steps:
(a) enabling the IP security protocol security service and policy management on the client that uses DHCP, and enabling web portal access authentication, the IP security protocol security service and access-user security policy management on the broadband access device connected to it;
(b) after the client dynamically obtains an IP address from the broadband access device, creating a tunnel-mode IP security protocol security policy from that IP address, under which HTTP packets from the client to the broadband access device and the RADIUS server are not protected, the RADIUS server being a Remote Authentication Dial-In User Service server;
(c) the client initiates a web portal authentication request; after authentication passes, the RADIUS server returns to the broadband access device an authentication result that includes the client's IP security protocol attribute information;
(d) the broadband access device extracts the client's IP security protocol attribute from the authentication result, enables the IP security protocol function and determines the IP security protocol security policy to adopt, and triggers Internet Key Exchange negotiation with the client to generate an IP security protocol security association;
(e) the client encrypts IP packets that it sends to external devices through the broadband access device; the broadband access device encrypts IP packets that it forwards to the client, and decrypts IP packets sent by the client before forwarding them to the destination device;
(f) after the client goes offline, the broadband access device destroys the IP security protocol tunnel with the client.
2. The secure access method of claim 1, characterized in that the access is broadband wireless local area network access.
3. The secure access method of claim 1, characterized in that, after the IP security protocol security association is generated, the RADIUS server bills according to the user's information, including the IP security protocol attribute, and stops billing after the client goes offline.
4. The secure access method of claim 1, characterized in that the client configures Internet Key Exchange negotiation in active negotiation mode, and step (e) is further divided into the following steps:
(e11) when the client accesses an external device through the broadband access device, it first checks whether the IP security protocol tunnel has been established; if not, the next step is performed; otherwise step (e13) is performed;
(e12) the client triggers Internet Key Exchange negotiation with the broadband access device to generate an IP security protocol security association with the broadband access device;
(e13) the client sends the encrypted IP packets destined for the external device to the broadband access device, which decrypts them and forwards them to the external device;
(e14) the broadband access device encrypts IP packets sent by the external device to the client and then forwards them to the client.
5. The secure access method of claim 1, characterized in that the client configures Internet Key Exchange negotiation in passive negotiation mode, and step (e) is further divided into the following steps:
(e21) when the client accesses an external device through the broadband access device, it first checks whether the IP security protocol tunnel has been established; if not, it sends plaintext packets directly and the next step is performed; otherwise step (e23) is performed;
(e22) after the broadband access device receives a plaintext packet from the client, if it finds that the IP security protocol tunnel with the client has not been established, it triggers Internet Key Exchange negotiation with the client again to generate an IP security protocol security association with the client;
(e23) the client sends the encrypted IP packets destined for the external device to the broadband access device, which decrypts them and forwards them to the external device;
(e24) the broadband access device encrypts IP packets sent by the external device to the client and then forwards them to the client.

Application number: CNB2004100915399A
Priority date: 2004-11-18
Filing date: 2004-11-18
Status: Expired - Fee Related

Publications (2)

Publication Number, Publication Date
CN1780244A, 2006-05-31
CN100352220C, 2007-11-28

Family ID: 36770367

Country Status (1)

CN (1): CN100352220C (en)

Legal Events

Code, Title
C06, Publication
PB01, Publication
C10, Entry into substantive examination
SE01, Entry into force of request for substantive examination
C14, Grant of patent or utility model
GR01, Patent grant
CF01, Termination of patent right due to non-payment of annual fee (Granted publication date: 20071128; Termination date: 20141118)
EXPY, Termination of patent right or utility model