WO2016206227A1 - Procédé et dispositif de contrôle d'accès - Google Patents

Procédé et dispositif de contrôle d'accès Download PDF

Info

Publication number
WO2016206227A1
WO2016206227A1 PCT/CN2015/091304 CN2015091304W WO2016206227A1 WO 2016206227 A1 WO2016206227 A1 WO 2016206227A1 CN 2015091304 W CN2015091304 W CN 2015091304W WO 2016206227 A1 WO2016206227 A1 WO 2016206227A1
Authority
WO
WIPO (PCT)
Prior art keywords
mac address
access
whitelist
white list
access control
Prior art date
Application number
PCT/CN2015/091304
Other languages
English (en)
Chinese (zh)
Inventor
孟苑
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016206227A1 publication Critical patent/WO2016206227A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL

Definitions

  • This document relates to the field of wireless access control, and more particularly to an access control method and apparatus.
  • Infinity Fidelity (Wireless-Fidelity, WI-FI for short) is a network transmission standard for improving the interoperability between IEEE802.11-based wireless network products. It converts wired signals into high-frequency radio signals, and wirelessly connects terminals such as personal computers and handheld devices such as IPAD and MOBILE PHONE to each other. Although it has the advantages of fast transmission speed, low transmission signal power and no restrictions on wiring conditions, it meets the needs of social information, but it also has the disadvantages of poor transmission quality and low data security performance.
  • ARP Address Resolution Protocol
  • WEP Wired Equivalent Privacy
  • the technical problem to be solved by the present invention is to provide an access control method and apparatus to improve the usage rate of a wireless network.
  • An access control method includes:
  • the MAC address of the access request is matched with the MAC address in the static whitelist that has been set, when the MAC address is If the MAC address in the static whitelist matches, the MAC address is allowed to access; when the MAC address has no matching item in the static whitelist, the access request is blocked;
  • the step of setting temporary usage rights for the MAC address in the quasi-white list includes:
  • the maximum number of allowed access times and the maximum usage duration are set for the MAC address in the quasi-white list.
  • the storage format of the MAC address information in the quasi-white list may be expressed as: identifier + access time + disconnection time + access times + cumulative network access duration.
  • the method further includes: when the number of accesses of a MAC address reaches the maximum number of allowed accesses, or the usage duration reaches the maximum usage duration, or the access times reach the maximum number of allowed accesses, and When the usage duration reaches the maximum usage duration, the temporary use permission of the MAC address is canceled or the MAC address is directly deleted.
  • the method further includes: setting a minimum usage value of the access times;
  • the number of times the MAC address is used in the whitelist is monitored. When the number of accesses of a MAC address is less than the minimum usage value of the access number in a preset time, the temporary use permission of the MAC address is cancelled or the MAC address is directly deleted.
  • the method further includes: when a MAC address is canceled for temporary use permission, reporting to the administrator that the temporary use right of the MAC address is canceled, and the administrator activates the MAC address according to the usage of the MAC address, that is, The MAC address is set as a legitimate user, or the MAC address is continued as an illegal user.
  • the step of canceling the temporary use right of the MAC address includes:
  • An access control device comprising: a receiving unit, a determining unit, and a whitelist matching list Meta, quasi-white list processing unit and rights management unit, wherein
  • the receiving unit is configured to: receive an access request sent by a MAC address
  • the determining unit is configured to: determine whether the time when the receiving unit receives the access request is within a fixed time zone that has been set, and if not, notify the whitelist matching unit; if yes, notify the standard Whitelist processing unit;
  • the whitelist matching unit is configured to: match an access MAC address that sends the access request with a MAC address in a static whitelist that has been set, and match the MAC address in the static whitelist when the access MAC address is matched. Allowing the MAC address to be accessed; when the access MAC address has no match in the static whitelist, the access request of the MAC address is blocked;
  • the whitelist processing unit is configured to: filter out the MAC address without authority according to the static whitelist, and include all MAC addresses that are not authorized in the fixed time zone in the whitelist;
  • the rights management unit is configured to: set a temporary use right for the MAC address in the quasi-white list.
  • the rights management unit is configured to set a temporary use right for the MAC address in the quasi-white list according to the following manner: setting a maximum number of allowed access times and a maximum use time for the MAC address in the quasi-white list.
  • the rights management unit is further configured to: represent, in the whitelist, a storage format of the MAC address information as: identifier + access time + disconnection time + access times + cumulative network access time.
  • the rights management unit is further configured to: when the number of accesses of a MAC address reaches the maximum number of allowed accesses, or the usage duration reaches the maximum usage duration, or the access times reach the allowed access The maximum number of times, and when the usage duration reaches the maximum usage duration, cancel the temporary use permission of the MAC address or directly delete the MAC address.
  • the rights management unit is further configured to: set a minimum usage value of the access times;
  • the rights management unit monitors the number of times the MAC address is used in the whitelist. When the number of accesses of the MAC address is less than the minimum usage value of the access times in a preset time, the temporary use permission of the MAC address is cancelled or directly Delete the MAC address.
  • the rights management unit is configured to cancel the temporary use rights of the MAC address as follows:
  • the device may further include an unauthorized alarm unit, wherein
  • the unauthorized alarm unit is configured to: when a MAC address is cancelled, the temporary use right of the MAC address is cancelled.
  • a computer program comprising program instructions that, when executed by a computer, cause the computer to perform any of the above described access control methods.
  • the embodiment of the present invention only opens the right to the legitimate user during the working time period and the important time period, and sets the temporary open permission to the user other than the legitimate user in other time periods, so that the utilization rate of the network can be improved.
  • FIG. 1 is an overall architectural view of an embodiment of the present invention
  • FIG. 2 is a flowchart of an access control method according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of processing for a quasi-white list according to an application example of the present invention.
  • FIG. 4 is a flowchart of a process after a MAC address in a quasi-white list is canceled for temporary use according to an application example of the present invention
  • FIG. 5 is a schematic structural diagram of an access control apparatus according to an embodiment of the present invention.
  • FIG. 1 is a schematic diagram of an overall architecture of a wireless access control system according to the present invention.
  • the method for processing the fixed list authority judgment, statistics, and sending the MAC address information data in the embodiment of the present invention is as follows:
  • Step 201 The wireless routing device receives an access request sent by the terminal MAC address.
  • Step 202 If the wireless routing device receives the access request, the access routing request sends the access MAC address of the access request to the MAC address in the static whitelist that has been set. Match, when the access MAC address matches the MAC address in the static whitelist, the MAC address is allowed to access, the access right of the MAC address is automatically recognized and its usage record is always ignored; when the access MAC address is If there is no match in the static whitelist, it is identified as an illegal MAC address in the blacklist, and the access request is blocked.
  • Step 203 If the wireless routing device receives the access request in the fixed time zone that has been set, the MAC address of the privileged MAC address is filtered according to the static whitelist, and the MAC address of the privileged MAC address is recorded and counted. Enter the information and all the MAC addresses without permissions in the fixed time zone will be listed in the whitelist.
  • the fixed time zone that has been set generally refers to a time period other than work or an unimportant time zone; otherwise, the fixed time zone that has been set refers to the working time zone or refers to an important time zone, during working hours. Segments and important time periods only open permissions for legitimate users, while in other time periods, temporary open permissions are set for users other than legitimate users, which can improve network utilization.
  • the method further includes: setting a temporary use right for the MAC address in the quasi-white list.
  • the step of setting a temporary use right for the MAC address in the quasi-white list includes: setting a maximum number of allowed access times and a maximum use duration for the MAC address in the quasi-white list.
  • the storage format of the MAC address information in the quasi-white list may be expressed as: identifier + access time + disconnection time + access times + cumulative network access duration.
  • the method further includes: when the number of accesses of a MAC address reaches the maximum number of allowed accesses, or the usage duration reaches the maximum usage duration, or the access times reach the maximum number of allowed accesses, and When the usage duration reaches the maximum usage duration, the temporary use permission of the MAC address is canceled or the MAC address is directly deleted.
  • the method further includes: setting a minimum usage value of the access times;
  • the number of times the MAC address is used in the whitelist is monitored. When the number of accesses of a MAC address is less than the minimum usage value of the access number in a preset time, the temporary use permission of the MAC address is cancelled or the MAC address is directly deleted.
  • the number of MAC address access times in a certain time range is smaller than a preset value of the permission change module, and the permission change module can automatically clear the MAC address to improve the use efficiency of the database.
  • the method further includes: when a MAC address is canceled for temporary use permission, reporting to the administrator that the temporary use right of the MAC address is canceled, and the administrator activates the MAC address according to the usage of the MAC address, that is, The MAC address is set as a legitimate user, or the MAC address is continued as an illegal user.
  • the step of canceling the temporary use permission of the MAC address includes:
  • the third step is to generate a relatively dynamic whitelist to facilitate temporary access to potential legitimate users.
  • the method for processing a quasi-white list in the embodiment of the present invention is as follows:
  • Step 301 According to the maximum number of allowed access times and the maximum duration value, the rights management unit determines whether there is a MAC address information record exceeding the preset limit in the whitelist, and the data of the access times and the maximum duration are preset.
  • the MAC address in the limit has temporary access rights. If one or two MAC addresses that exceed the preset limit will cancel the temporary use permission of the MAC address.
  • a MAC address access times and a single access time will gradually accumulate.
  • Step 302 When a MAC address in the quasi-white list is first granted temporary permission (permit.), the rights management unit considers the data of the access times to be 1, and as the data is continuously updated, The value will be closer and closer to the critical point monitored by the rights management unit, as will the cumulative network access time. At the same time, it can be set to a faster reading format when the unit reads the called data.
  • Step 303 When one of the two pieces of data reaches the preset value first, the rights management unit changes the identifier of the MAC address from permit. to deny., and temporarily prohibits the access request and the use permission of the MAC address.
  • the rights management unit may also monitor the number of times the MAC address is used. When the number of accesses of the MAC address is less than the minimum value of the preset access times in a predetermined time, the temporary use permission of the MAC address is cancelled or directly Delete the MAC address.
  • the active attack strategy is used to defend against the attacks of potential illegal users.
  • the loopholes of the network users and the access control system can be effectively found. Improvements in technical standards provide an opportunity.
  • the two units created in this process are connected to each other and the division of labor is clear.
  • the privilege identification module is used to determine and identify the privilege of the MAC address, and has the functions of data statistics and storage, and the privilege change module is responsible for monitoring the data and performing the action of changing the privilege and freezing the privilege, and automatically clearing the long-term non-use of the wireless service. The function of losing the MAC address information record.
  • the processing method is as follows:
  • Step 401 When the rights management unit changes the authority of the MAC address from permit. to deny., the unauthorized alarm unit is notified at the same time, and the unauthorized alarm unit can determine the status and location of the MAC address according to the received simple reminder, and go to the rights management unit.
  • the information of the MAC address required for the extraction can be expressed as an identifier /deny.
  • Step 402 The unauthorized alarm unit further sorts the extracted information, and the edit is sent to the administrator as a short message, and the format may be: freeze MAC address/freeze time+processing opinion (the short message reply number 1 indicates thaw, and the number 0 indicates mask) .
  • Step 403 If the administrator believes that the MAC address user is legal, the activation notification unit will receive a short message with a reply of 1. After receiving the instruction, the activation notification unit immediately deletes the unauthorized record of the MAC address and activates the access permission. . If the administrator believes that the MAC address user is still illegal, continue to use the MAC address as an illegal user.
  • the above three steps achieve the effect of the maneuvering permission change event, in order to determine the individual MAC
  • the question of address legitimacy provides evidence, choice, and time.
  • it also provides a quick way to reply to the short message and solve the problem of the legality of individual MAC addresses with one key, which greatly facilitates the actual operation and reduces the probability of misjudgment of the access control system.
  • FIG. 5 it is a schematic structural diagram of an access control apparatus according to an embodiment of the present invention.
  • the apparatus includes: a receiving unit 501, a determining unit 502, a whitelist matching unit 503, a whitelisting processing unit 504, and a rights management unit 505.
  • the receiving unit 501 is configured to: receive an access request sent by a terminal MAC address;
  • the determining unit 502 is configured to: determine whether the time when the receiving unit receives the access request is within a fixed time zone that has been set, and if not, notify the whitelist matching unit; if yes, notify the Whitelist processing unit;
  • the whitelist matching unit 503 is configured to match the access MAC address that sends the access request with the MAC address in the static whitelist that has been set, when the access MAC address is the same as the MAC address in the static whitelist. Matching, allowing the MAC address to be accessed; when the access MAC address has no match in the static whitelist, determining the MAC address as an illegal MAC address, and masking the access request of the MAC address;
  • the quasi-white list processing unit 504 is configured to: filter out the MAC address without the authority according to the static white list, record and count the access information of the MAC address without the authority, and all the MACs without the authority in the fixed time zone. The address is included in the quasi-white list;
  • the rights management unit 505 is configured to set a temporary use right for the MAC address in the quasi-white list.
  • the rights management unit 505 is configured to set a temporary use right for the MAC address in the quasi-white list according to the following manner: setting a maximum number of allowed access times and a maximum use time for the MAC address in the quasi-white list .
  • the rights management unit 505 is further configured to: represent, in the whitelist, the storage format of the MAC address information as: identifier/access time/disconnection time/access times/accumulated network access duration.
  • the rights management unit 505 is further configured to: when the number of accesses of a MAC address reaches the maximum number of allowed accesses, or the usage duration reaches the maximum usage duration, or access times When the number reaches the maximum number of allowed accesses and the usage duration reaches the maximum usage duration, the temporary use permission of the MAC address is cancelled or the MAC address is directly deleted.
  • the rights management unit 505 is further configured to: set a minimum usage value of the access times;
  • the rights management unit 505 monitors the number of times the MAC address is used in the whitelist. When the number of accesses of the MAC address is less than the minimum usage value of the access times within a preset time, the temporary use permission of the MAC address is cancelled or directly deleted. The MAC address.
  • the device may further include an override alarm unit 506.
  • the method further includes: after a MAC address is cancelled, the unauthorized use alarm unit 506 reports to the administrator that the temporary use right of the MAC address is canceled, and the administrator uses the MAC address according to the usage of the MAC address.
  • the address is set to a valid user, or the MAC address is continued as an illegal user.
  • the embodiment of the invention also discloses a computer program, comprising program instructions, which when executed by a computer, enable the computer to execute any of the above access control methods.
  • the embodiment of the invention also discloses a carrier carrying the computer program.
  • the embodiment of the present invention only opens the right to the legitimate user during the working time period and the important time period, and sets the temporary open permission to the user other than the legitimate user in other time periods, so that the utilization rate of the network can be improved. Therefore, the present invention has strong industrial applicability.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé et un dispositif de contrôle d'accès, le procédé consistant : à recevoir une requête d'accès envoyée par une adresse de contrôle d'accès au support (MAC) ; si la réception de la requête d'accès est en dehors d'une zone de temps fixe préétablie, à mettre en correspondance l'adresse MAC envoyant la requête d'accès avec les adresses MAC dans une liste blanche statique préétablie ; lorsque l'adresse MAC correspond à une adresse MAC dans la liste blanche statique, à permettre à l'adresse MAC d'y accéder ; lorsqu'il n'y a pas d'élément de correspondance pour l'adresse MAC dans la liste blanche statique, à bloquer la requête d'accès ; si la réception de la requête d'accès est dans la zone de temps fixe préétablie, à filtrer l'adresse MAC sans autorité selon la liste blanche statique, et à placer toutes les adresses MAC sans autorité dans la zone de temps fixe dans une liste quasi-blanche, et à définir une autorité d'utilisation temporaire pour des adresses MAC dans la liste quasi-blanche. La solution technique ci-dessus améliore l'utilisation d'un réseau sans fil.
PCT/CN2015/091304 2015-06-25 2015-09-30 Procédé et dispositif de contrôle d'accès WO2016206227A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510357139.6A CN106302373A (zh) 2015-06-25 2015-06-25 一种接入控制方法及终端
CN201510357139.6 2015-06-25

Publications (1)

Publication Number Publication Date
WO2016206227A1 true WO2016206227A1 (fr) 2016-12-29

Family

ID=57584476

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/091304 WO2016206227A1 (fr) 2015-06-25 2015-09-30 Procédé et dispositif de contrôle d'accès

Country Status (2)

Country Link
CN (1) CN106302373A (fr)
WO (1) WO2016206227A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109586928A (zh) * 2018-12-21 2019-04-05 杭州全维技术股份有限公司 一种基于网络设备的上网行为阻断方法
CN112910784A (zh) * 2019-12-03 2021-06-04 华为技术有限公司 路由的确定方法、装置和系统

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107517461B (zh) * 2017-08-21 2021-08-27 上海掌门科技有限公司 一种用于对用户设备进行无线连接预授权的方法与设备
CN107819768B (zh) * 2017-11-15 2020-07-31 厦门安胜网络科技有限公司 服务端主动断开非法长连接的方法、终端设备及存储介质
CN108076500B (zh) * 2017-12-13 2021-04-02 北京小米移动软件有限公司 局域网管理的方法、装置及计算机可读存储介质
CN110661744A (zh) * 2018-06-28 2020-01-07 石悌君 一种网络访问控制方法
CN110912788B (zh) * 2018-09-18 2021-07-23 珠海格力电器股份有限公司 联网控制方法及装置、存储介质、处理器
CN110087242B (zh) * 2019-04-29 2020-08-21 四川英得赛克科技有限公司 一种工业控制环境下无线接入设备合法性快速判别方法
CN112052432A (zh) * 2020-09-01 2020-12-08 禾麦科技开发(深圳)有限公司 终端设备授权方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7535880B1 (en) * 2005-01-13 2009-05-19 2Wire, Inc. Method and apparatus for controlling wireless access to a network
CN103442097A (zh) * 2013-08-30 2013-12-11 烽火通信科技股份有限公司 一种家庭网关控制WiFi终端接入权限的系统及方法
CN103619018A (zh) * 2013-11-21 2014-03-05 北京奇虎科技有限公司 一种无线网络访问权限的检测方法,装置及路由器
CN204145542U (zh) * 2014-11-12 2015-02-04 厦门掌沃软件科技有限公司 一种防蹭网路由器

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7535880B1 (en) * 2005-01-13 2009-05-19 2Wire, Inc. Method and apparatus for controlling wireless access to a network
CN103442097A (zh) * 2013-08-30 2013-12-11 烽火通信科技股份有限公司 一种家庭网关控制WiFi终端接入权限的系统及方法
CN103619018A (zh) * 2013-11-21 2014-03-05 北京奇虎科技有限公司 一种无线网络访问权限的检测方法,装置及路由器
CN204145542U (zh) * 2014-11-12 2015-02-04 厦门掌沃软件科技有限公司 一种防蹭网路由器

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109586928A (zh) * 2018-12-21 2019-04-05 杭州全维技术股份有限公司 一种基于网络设备的上网行为阻断方法
CN112910784A (zh) * 2019-12-03 2021-06-04 华为技术有限公司 路由的确定方法、装置和系统

Also Published As

Publication number Publication date
CN106302373A (zh) 2017-01-04

Similar Documents

Publication Publication Date Title
WO2016206227A1 (fr) Procédé et dispositif de contrôle d'accès
JP7223022B2 (ja) 端末(ue)の管理と制御のための方法および装置
Mantas et al. Security for 5G communications
KR102329493B1 (ko) 무선 침입 방지 시스템에서의 접속 차단 방법 및 장치
CN103442097B (zh) 一种家庭网关控制WiFi终端接入权限的系统及方法
WO2018080976A1 (fr) Détection de dispositifs vulnérables dans des réseaux sans fil
EP3780688B1 (fr) Appareil et procédé de restriction d'accès d'un dispositif terminal
CN106130962B (zh) 一种报文处理方法和装置
WO2016086763A1 (fr) Procédé de détection de nœud d'accès sans fil, système de détection de réseau sans fil et serveur
CN102035793A (zh) 僵尸网络检测方法、装置以及网络安全防护设备
US8145131B2 (en) Wireless ad hoc network security
US11250172B2 (en) Handling wireless client devices associated with a role indicating a stolen device
KR20160006915A (ko) 사물인터넷 관리 방법 및 장치
CN108833425A (zh) 一种基于大数据的网络安全系统及方法
CN106559399A (zh) 一种互联网移动终端综合管控系统
US20140150069A1 (en) Method for distinguishing and blocking off network node
CN109995769A (zh) 一种多级异构跨区域的全实时安全管控方法
WO2016062113A1 (fr) Procédé et terminal de détection de sécurité d'accès d'un réseau sans fil
CN106685843B (zh) 一种安全强化路由器的方法
CN106411852B (zh) 一种分布式终端准入控制方法和装置
JP6616733B2 (ja) ネットワークシステムおよびサーバ装置
CN105812338B (zh) 一种数据访问管控方法及网络管理设备
CN101631078B (zh) 一种端点准入防御中的报文控制方法及接入设备
CN105681352B (zh) 一种无线网络访问安全管控方法和系统
KR20230038571A (ko) 연관 제어 방법 및 관련 장치

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15896120

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15896120

Country of ref document: EP

Kind code of ref document: A1