JP2008072242A5 - Google Patents
- Publication number: JP2008072242A5 (application JP2006247241A)
- Authority: JP (Japan)
- Prior art keywords: ipsec, network device, identifier, primary, user
- Legal status: Granted (Google Patents' estimate, not a legal conclusion)
Claims (8)
1. A network device comprising:
   primary IPsec means for applying primary IPsec to communication data based on an IPsec SA authenticated by the device; and
   secondary IPsec means for applying secondary IPsec, based on an IPsec SA authenticated by the user, to the payload covered by the primary IPsec,
   wherein authentication by user ID and password is performed by an authentication server, and the secondary IPsec is applied using an identifier and a shared key obtained from that authentication server.
2. The network device according to claim 1, wherein authentication is performed using an identifier agreed between the sending side and the destination side together with a shared key bound to that identifier, and the authenticated identifier is used as the selector of the secondary IPsec applied to the payload.
3. The network device according to claim 1, wherein the identifier and shared key used for user authentication are managed by a server.
4. The network device according to claim 1, further comprising capability exchange means for determining, while the primary IPsec is being established, whether the peer supports the secondary IPsec, wherein the capability exchange means makes the inquiry by exchanging packets marked Private USE.
5. The network device according to claim 1, wherein the user authentication is judged valid when the ID exists in the database and the access conditions are met.
6. The network device according to claim 1, wherein the destination device passes a received packet to higher-layer processing only when device access is permitted after decrypting the primary IPsec and user access is permitted after decrypting the secondary IPsec.
7. An access control method comprising:
   a primary IPsec step of applying primary IPsec to communication data based on an IPsec SA authenticated by the device; and
   a secondary IPsec step of applying secondary IPsec, based on an IPsec SA authenticated by the user, to the payload covered by the primary IPsec,
   wherein authentication by user ID and password is performed by an authentication server, and the secondary IPsec is applied using an identifier and a shared key obtained from that authentication server.
8. The access control method according to claim 7, wherein authentication is performed using an identifier agreed between the sending side and the destination side together with a shared key bound to that identifier, and the authenticated identifier is used as the selector of the secondary IPsec applied to the payload.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2006247241A JP4874037B2 (en) | 2006-09-12 | 2006-09-12 | Network equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2006247241A JP4874037B2 (en) | 2006-09-12 | 2006-09-12 | Network equipment |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2008072242A JP2008072242A (en) | 2008-03-27 |
JP2008072242A5 true JP2008072242A5 (en) | 2009-07-23 |
JP4874037B2 JP4874037B2 (en) | 2012-02-08 |
Family
ID=39293469
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2006247241A (granted as JP4874037B2; Expired - Fee Related) | Network equipment | 2006-09-12 | 2006-09-12 |
Country Status (1)
Country | Link |
---|---|
JP (1) | JP4874037B2 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4994683B2 (en) * | 2006-03-17 | 2012-08-08 | Ricoh Co., Ltd. | Network equipment |
JP2011199340A (en) * | 2010-03-17 | 2011-10-06 | Fujitsu Ltd | Communication apparatus and method, and communication system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001298449A (en) * | 2000-04-12 | 2001-10-26 | Matsushita Electric Ind Co Ltd | Security communication method, communication system and its unit |
US7978655B2 (en) * | 2003-07-22 | 2011-07-12 | Toshiba America Research Inc. | Secure and seamless WAN-LAN roaming |
JP4407452B2 (en) * | 2004-09-29 | 2010-02-03 | Hitachi, Ltd. | Server, VPN client, VPN system, and software |
Legal Events
- 2006-09-12: Application JP2006247241A filed in JP; granted as JP4874037B2 (not active: Expired - Fee Related)
Similar Documents
Publication | Title |
---|---|
ES2619693T3 (en) | Access control system for a reliable network based on authentication between pairs of three elements |
Housley et al. | Guidance for authentication, authorization, and accounting (AAA) key management |
US8112790B2 (en) | Methods and apparatus for authenticating a remote service to another service on behalf of a user |
CN109561066A (en) | Data processing method and device, terminal and access point computer |
JP2005184835A5 (en) | |
CN108848111B (en) | Decentralized virtual private network building method based on block chain technology |
KR20130079120A (en) | Revocable security system and method for wireless access points |
JP2006053923A5 (en) | |
WO2008121131A3 (en) | Methods and apparatus for premises content distribution |
WO2007016436A3 (en) | Segmented network identity management |
WO2008048179A3 (en) | Cryptographic key management in communication networks |
WO2009026049A3 (en) | Method and apparatus for authenticating a network device |
JP7292263B2 (en) | Method and apparatus for managing digital certificates |
CN107360571A (en) | Anonymous mutual authentication and key agreement protocol in a mobile network |
WO2008121544A3 (en) | User profile, policy, and PMIP key distribution in a wireless communication network |
JP2018505620A5 (en) | Communication system and authentication method |
CN102547701A (en) | Authentication method, wireless access point and authentication server |
FI20055442A0 (en) | Ensuring the authenticity and rights of a remote client |
CN106685785B (en) | Intranet access system based on IPsec VPN proxy |
JP2007128349A (en) | Network system, proxy server, session management method, and program |
CN101521667B (en) | Method and device for secure data communication |
JP2014060742A5 (en) | Method and apparatus for authenticated user access to Kerberos-enabled applications based on an authentication and key agreement (AKA) mechanism |
CN104754571A (en) | User authentication method, device and system for multimedia data transmission |
CN101478388B (en) | Multi-stage security mobile IPsec access authentication method |
CN103780389A (en) | Port-based authentication method and network device |