CN101193112B - A registration method and agent server - Google Patents

Publication number
CN101193112B
CN101193112B CN2006101609309A CN200610160930A CN101193112B CN 101193112 B CN101193112 B CN 101193112B CN 2006101609309 A CN2006101609309 A CN 2006101609309A CN 200610160930 A CN200610160930 A CN 200610160930A CN 101193112 B CN101193112 B CN 101193112B
Authority
CN
China
Prior art keywords
end points
registration
logon
acting server
logon mode
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2006101609309A
Other languages
Chinese (zh)
Other versions
CN101193112A (en)
Inventor
尹瀚
位继伟
姬长锋
贾科
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the invention discloses a registration method comprising the following steps: according to a pre-configured registration policy, an agent server determines the registration mode of an endpoint that attempts to access network resources, where the registration modes comprise an active registration mode and a passive registration mode; the endpoint is then registered according to the determined registration mode. With this method, the agent server can flexibly apply different registration modes, according to the registration policy, to the different endpoints it controls. For endpoints that pose a high danger, only passive registration is permitted, which guarantees network security; for endpoints with high security requirements, active registration is permitted, which provides them with high-quality service. An embodiment of the invention also discloses an agent server comprising a registration policy configuration module, a main control module and a registration module.

Description

A registration method and agent server
Technical field
The present invention relates to the registration of endpoints in a network, and in particular to a registration method and an agent server.
Background
With the rapid worldwide development of the Internet, application-layer security threats such as viruses and attacks emerge endlessly. This stems mainly from the open architecture of IP technology and its own lack of security protection. The purpose of Network Endpoint Assessment (NEA) is to protect the network from threats posed by unsafe endpoints. Such unsafe endpoints include endpoints that are infected by viruses or that have security vulnerabilities. In an NEA system, the network administrator collects and assesses the system status information of an endpoint through agent software installed on the endpoint attempting to access the network, and checks how well the endpoint matches the network security policy. The assessment result then decides whether the endpoint is allowed to enter the network. Only endpoints that meet the requirements are allowed to access the network. For an endpoint that does not comply with the policy, the network administrator does not allow it to access the network and can also notify the endpoint of how to update.
NEA is a system of cooperation between an agent client and an agent server. To ensure that assessment and access control can be carried out, the agent server and the agent software installed on the endpoint must first discover and verify each other; this is the registration process. This key step is implemented mainly in two ways: 1. the agent server actively probes the endpoint requesting access, which is called the active registration mode; 2. the agent client actively sends a request to the agent server, which is called the passive registration mode.
The detailed process of the active registration mode is as follows: when an endpoint attempts to access network resources, the agent server actively sends a registration notification to the endpoint. If the endpoint has the agent client installed, it responds to the server's notification and completes the registration operation. If the endpoint does not have the agent client installed, it cannot respond to the server's probe. After probing repeatedly without getting a response, the server determines that the endpoint has no agent installed. The server then restricts the access requests of such endpoints according to the corresponding policy, and can also let the endpoint install the agent client dynamically by other means.
The drawback of the active registration mode is that, when a very large number of endpoints attempt to access the network, this scheme may overload the agent server. In particular, when a malicious endpoint disguises itself as multiple endpoints, for example by changing its IP address, and initiates false network access requests, the agent server faces an even heavier burden and may even become unavailable.
The detailed process of the passive registration mode is as follows: the agent client actively sends a request to the agent server, and the agent server passively responds to the request and completes the registration operation.
The drawback of the passive registration mode is that the agent server only passively answers requests from agent clients. If an endpoint has no agent installed, the agent server receives no registration request from it, cannot identify the endpoint, and cannot assess its system status information.
These problems are not limited to registration in an NEA assessment system; they exist equally in other network environments that require endpoint registration, for example when terminals access a communication network. If active registration is used, the server may be overburdened, and frequent registration by malicious clients can seriously degrade network service quality. If passive registration is used, endpoints without the agent client installed cannot complete registration, which prevents them from accessing network resources. Thus neither the active nor the passive registration method alone can satisfy both network security and high quality of service.
Summary of the invention
In view of this, an embodiment of the invention provides a registration method that allows the registration mode of endpoints to be configured flexibly, providing endpoints with high-quality service while guaranteeing network security.
An embodiment of the invention also provides an agent server that allows the registration mode of endpoints to be configured flexibly, providing endpoints with high-quality service while guaranteeing network security.
To achieve the above object, the embodiments of the invention adopt the following technical solutions:
A registration method, comprising:
an agent server determines, according to a pre-configured registration policy, the registration mode of an endpoint attempting to access network resources, the registration mode comprising an active registration mode and/or a passive registration mode;
the endpoint is registered according to the determined registration mode.
An agent server, comprising a registration policy configuration module, a main control module and a registration module, wherein:
the registration policy configuration module is used to configure the registration policy;
the main control module is used to determine, according to the registration policy pre-configured by the registration policy configuration module, the registration mode of an endpoint attempting to access network resources, the registration mode comprising an active registration mode and/or a passive registration mode;
the registration module is used to register the endpoint according to the registration mode.
As can be seen from the above technical solutions, in the embodiments of the invention the agent server determines, according to a pre-configured registration policy, the registration mode of an endpoint attempting to access network resources, where the registration mode comprises one or both of the active registration mode and the passive registration mode; the agent server and the endpoint then carry out the registration operation according to the determined registration mode. In this way, the agent server can flexibly apply different registration modes to different endpoints according to the registration policy: endpoints that pose a higher danger are allowed only passive registration, which guarantees network security; endpoints with higher security requirements are allowed active registration, which provides them with high-quality service.
Description of drawings
Fig. 1 is an overall flow chart of the registration method of the embodiments of the invention.
Fig. 2 is an overall structure diagram of the agent server of the embodiments of the invention.
Fig. 3 is a detailed flow chart of the registration method of embodiment one of the invention.
Fig. 4 is a detailed structure diagram of the agent server of embodiment two of the invention.
Fig. 5 is a network structure diagram of an NEA assessment system.
Detailed description of the embodiments
To make the purpose, technical means and advantages of the embodiments of the invention clearer, the embodiments are described in detail below with reference to the accompanying drawings.
The basic idea of the embodiments of the invention is: the agent server determines, according to a pre-configured registration policy, the registration mode of an endpoint attempting to access network resources, where the registration mode comprises one or both of the active registration mode and the passive registration mode; the agent server and the endpoint then carry out the registration operation according to that registration mode.
Fig. 1 is an overall flow chart of the registration method of the embodiments of the invention. As shown in Fig. 1, the method comprises:
Step 101: the agent server determines, according to a pre-configured registration policy, the registration mode of an endpoint attempting to access network resources.
In this step, the registration mode of the endpoint comprises one or a combination of the following: the active registration mode and the passive registration mode.
Step 102: the endpoint is registered according to the determined registration mode.
Fig. 2 is an overall structure diagram of the agent server of the embodiments of the invention. As shown in Fig. 2, the agent server 200 comprises a registration policy configuration module 210, a main control module 220 and a registration module 230.
In the agent server 200, the registration policy configuration module 210 is used to configure the registration policy. The main control module 220 is used to determine, according to the registration policy pre-configured by the registration policy configuration module 210, the registration mode of an endpoint attempting to access network resources, and to send the registration mode to the registration module 230, where the registration mode comprises one or both of the active registration mode and the passive registration mode. The registration module 230 is used to register the endpoint according to the received registration mode.
The above is an overview of the registration method and agent server of the embodiments of the invention. Specific embodiments of the registration method and the agent server are described below.
Embodiment one:
Fig. 3 is a detailed flow chart of the registration method of embodiment one of the invention. This embodiment is described using an NEA assessment system as an example. As shown in Fig. 3, the method comprises:
Step 301: a registration policy is pre-configured in the agent server.
In this step, when configuring the registration policy, the agent server mainly considers, from the angles of security and network throughput, the balance between system security and the quality of service for network users. The main approach is to obtain network environment information and, according to it, set the corresponding registration mode for the endpoint. The network environment information may comprise any one or any combination of the following: the security state of the region where the endpoint is located, the security requirement of the network region the endpoint wants to access, the system burden of the agent server, how busy the system is, and the danger level of the system.
Specifically, the registration policy configured in the agent server can be: set different registration modes for endpoints according to the different regions in which they are located. In particular, the registration mode of endpoints in different regions can be configured according to differences in security. For regions determined to be subject to more attacks, only the passive registration mode is allowed; for regions determined to be subject to fewer attacks, only the active registration mode is allowed; for other regions, both the active and the passive registration modes are allowed.
As a specific example, in the border region between the enterprise network and the Internet, endpoints use the passive registration mode, which strengthens the agent server's ability to resist DoS attacks; inside the enterprise network, endpoints use the active registration mode, so that the agent server can help endpoints install the agent client and complete the registration operation.
The registration policy configured in the agent server can also be: set different registration modes for endpoints according to the different network regions they want to access. Specifically, if the network region the endpoint wants to access has a high security requirement, endpoints accessing that region are allowed only the passive registration mode. For example, if the network region the endpoint wants to access is the core database region of the enterprise network, then, to reduce the possibility of attack, endpoints accessing that region are allowed only the passive registration mode.
The registration policy configured in the agent server can also be: set a suitable registration mode for the endpoints under the control of the agent server according to the system burden of the agent server. Specifically, a burden threshold is set for the agent server according to its processing capacity. Once the system burden of the agent server exceeds the set burden threshold, endpoints accessing resources of the network region where the agent server is located are allowed only the passive registration mode.
The registration policy configured in the agent server can also be: set a suitable registration mode for the endpoints under the control of the agent server according to the characteristics of different times. Specifically, at times when the system is busy and at times of higher danger, endpoints requesting access to network resources are allowed only the passive registration mode, which ensures normal operation of the system; at other times, endpoints requesting access to network resources are allowed both the active and the passive registration modes, or only the active registration mode.
As a specific example, at the start of the working day, when many users inside the enterprise network switch on their computers at the same time, the passive registration mode can be used. During working hours, user endpoints inside the enterprise network are allowed both the active and the passive registration modes. After working hours, for security reasons, endpoints are allowed only the passive registration mode.
Of course, the above lists only some simple registration policies; these policies can also be combined in multiple ways to specify different registration modes for endpoints. During network operation the network environment may change, and the agent server can adjust the registration modes of different endpoints in real time, according to the configured registration policy, as the network environment changes.
Step 302: when any endpoint attempts to access network resources, the agent server determines the registration mode of the endpoint according to the pre-configured registration policy. If only passive registration is allowed, step 303 is executed; if only active registration is allowed, step 304 is executed; if both active and passive registration are allowed, step 305 and its subsequent steps are executed.
In this step, the agent server determines the registration mode of the endpoint according to the registration policy configured in step 301. In the embodiments of the invention there are three registration modes for an endpoint: both active and passive registration allowed, only active registration allowed, and only passive registration allowed.
Step 303: the endpoint is registered according to the passive registration mode, and the flow ends.
Step 304: the endpoint is registered according to the active registration mode, and the flow ends.
Step 305: it is determined whether the endpoint has the agent client installed; if so, step 306 is executed, otherwise the flow goes to step 304.
In this step, because both active and passive registration are allowed, any mode that guarantees registration proceeds smoothly may be chosen. If the endpoint has the agent client installed, both the active and the passive registration modes guarantee that registration proceeds smoothly. If the endpoint does not have the agent client installed, the agent server cannot perceive the endpoint when the passive registration mode is used; only with the active registration mode can registration proceed smoothly, after the agent client has been installed.
Step 306: either the active or the passive registration mode is selected, the endpoint is registered, and the flow ends.
In step 303 above, registering an endpoint in the passive registration mode consists of the following: the agent server receives the registration request sent by the endpoint and responds to the request to complete registration. The registration request sent by the agent client can be: a Client Hello message of the Secure Sockets Layer (SSL) protocol, a Client Hello message of the Transport Layer Security (TLS) protocol, or an Extensible Authentication Protocol over LAN (EAPOL)-Start message.
Of course, only an endpoint that has the agent client installed can send a registration request. An endpoint without the agent client cannot send a registration request, so the agent server cannot identify it. Against endpoints mounting malicious attacks, this is an effective means of curbing the attack: it ensures that the agent server does not waste resources replying to the registration requests of malicious endpoints, so the quality of service to other endpoints is not affected.
In step 304 above, registering an endpoint in the active registration mode comprises the following steps:
Step 304a: the agent server actively sends a registration notification to the endpoint.
In this step, the registration notification actively sent by the agent server can be: an ID/Request message of the Extensible Authentication Protocol (EAP), a Hello/Req message of the Extensible Authentication Protocol over UDP (EAPoUDP), a Protected Extensible Authentication Protocol (PEAP)-Start message, an EAP-TLS/Start message, or an EAP-Req message of Extensible Authentication Protocol Flexible Authentication via Secure Tunneling (EAPFAST).
Step 304b: the agent server determines whether the endpoint has the agent client installed; if so, step 304d is executed, otherwise step 304c is executed.
Step 304c: the agent server restricts the access requests of the endpoint according to the corresponding policy and installs the agent client for the endpoint.
Step 304d: the registration operation is completed.
For an endpoint using the active registration mode that does not have the agent client installed, the agent server can install it dynamically. The active registration mode is generally used for endpoints that place higher requirements on the security service provided.
In step 306, because the endpoint is allowed both the active and the passive registration modes and has the agent client installed, either mode may be chosen to complete registration. The specific active and passive registration processes are the same as in steps 303 and 304 and are not repeated here.
The above is the embodiment of the registration method of the embodiments of the invention. The embodiment of the agent server is introduced below.
Embodiment two:
Fig. 4 is a detailed structure diagram of the agent server of embodiment two of the invention; this agent server can be used to implement the registration method described above. This embodiment is described using an NEA assessment system as an example. As shown in Fig. 4, the agent server 400 comprises a registration policy configuration module 410, a main control module 420, a registration module 430 and an acquisition module 440.
In the agent server 400, the registration policy configuration module 410 is used to configure the registration policy. The acquisition module 440 is used to obtain network environment information and to send the obtained network environment information to the main control module 420, where the network environment information comprises any one or any combination of the following: the security state of the region where the endpoint is located, the security requirement of the network region the endpoint wants to access, the system burden of the agent server, how busy the system is, and the danger level of the system. The main control module 420 is used to receive the network environment information sent by the acquisition module 440, to determine the registration mode of the endpoint according to the registration policy pre-configured by the registration policy configuration module 410, and to send this registration mode to the registration module 430. The registration module 430 is used to register the endpoint according to the received registration mode.
The agent server 400 differs from the agent server 200 shown in Fig. 2 in that the acquisition module 440 has been added. With this module, network environment information such as the security state of the network and the system burden can be obtained in real time, giving the main control module 430 a real-time reference for determining the endpoint registration mode, so that the registration mode applied to an endpoint better matches current system requirements and quality of service improves while network security is guaranteed.
The agent server can be a standalone network device, or a module embedded in another network-side network device.
A specific example is given below to illustrate how the registration method and the agent server of the two embodiments above work.
Fig. 5 is a network structure diagram of an NEA assessment system. As shown in Fig. 5, the system comprises the Internet 500 and an enterprise network 510; inside the enterprise network 510 there is also an internal enterprise subnet 511. The agent server in this system is the agent server 400 shown in Fig. 4, and there are also three endpoints 521, 522 and 523. Endpoint 521 is located in the Internet 500 and has the agent client installed; endpoint 522 is located in the Internet 500 and does not have the agent client installed; endpoint 523 is located in the enterprise network 510 and does not have the agent client installed.
In this system, the registration policy configured for the agent server is as follows. For regions facing many dangers, specifically the border between the enterprise network 510 and the Internet 500, the registration mode of endpoints is to allow only passive registration, which strengthens the agent server's ability to resist DoS attacks. For regions where endpoints need to be given more security service, specifically inside the enterprise network 510, the registration mode of endpoints is to allow only active registration, which helps endpoints install the agent client and complete the registration operation.
With the above registration policy configured, when endpoint 521 attempts to access network resources, it must use the passive registration mode because it is at the border between the Internet 500 and the enterprise network 510. Because endpoint 521 has the agent client installed, it can actively send a registration request, and the agent server 400 returns a registration response to it. After registration is complete, the agent server 400 can carry out the assessment operation with endpoint 521 directly.
When endpoint 522 attempts to access network resources, it must use the passive registration mode because it is at the border between the Internet 500 and the enterprise network 510. Because endpoint 522 does not have the agent client installed, it cannot send a registration request to the agent server 400 and cannot complete registration. The agent server 400 cannot carry out the assessment operation on endpoint 522.
When endpoint 523 attempts to access network resources, it uses the active registration mode because it is located inside the enterprise network 510. Because endpoint 523 does not have the agent client installed, the agent server 400, after sending the registration notification, can install the agent client for it and complete the registration operation. After the registration operation is complete, the agent server 400 can carry out the assessment operation with endpoint 523.
This completes the registration operations of the three endpoints. Because endpoint 522 carries a certain danger, the agent server does not register it, which prevents it from using registration to damage the system and guarantees network security; the system resources saved can be used to provide high-quality service to other endpoints that the system considers safe, such as endpoints 521 and 523.
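The decision flow of steps 302 to 306, run over the three endpoints of Fig. 5, as an added Python example that is not part of the patent text. All class and function names are hypothetical, the 0.8 burden threshold is a constructed value, and two choices are assumptions of this example: any passive-only condition overrides the region rule, and passive mode is picked when both modes are allowed and the agent client is installed.

```python
"""Registration-mode selection following steps 302-306 (illustrative names)."""
from dataclasses import dataclass
from enum import Flag, auto
from typing import Optional


class Mode(Flag):
    PASSIVE = auto()   # the endpoint's agent client sends the registration request
    ACTIVE = auto()    # the agent server sends the registration notification
    BOTH = PASSIVE | ACTIVE


@dataclass(frozen=True)
class Endpoint:
    name: str
    zone: str                        # region where the endpoint is located
    has_agent: bool                  # agent client installed?
    target_zone: str = "enterprise"  # network region it wants to access


@dataclass(frozen=True)
class Env:
    server_load: float = 0.0    # system burden of the agent server, 0.0-1.0
    risky_period: bool = False  # busy or higher-danger time of day


@dataclass
class Policy:
    zone_modes: dict                               # endpoint region -> Mode
    passive_only_targets: frozenset = frozenset()  # high-security target regions
    load_threshold: float = 0.8                    # constructed burden threshold
    default: Mode = Mode.BOTH                      # "other regions" allow both

    def allowed_modes(self, ep: Endpoint, env: Env) -> Mode:
        """Step 302: combine the region, target, burden and time rules."""
        if (ep.target_zone in self.passive_only_targets
                or env.server_load > self.load_threshold
                or env.risky_period):
            return Mode.PASSIVE   # assumption: passive-only conditions win
        return self.zone_modes.get(ep.zone, self.default)


@dataclass(frozen=True)
class Result:
    endpoint: str
    allowed: Mode
    used: Optional[Mode]             # None when no registration took place
    registered: bool
    agent_installed_by_server: bool
    notifications_sent: int          # unsolicited messages the server spent


def register(ep: Endpoint, policy: Policy, env: Env = Env()) -> Result:
    allowed = policy.allowed_modes(ep, env)
    if allowed == Mode.PASSIVE:
        # Step 303: the server only answers requests. An endpoint without the
        # agent client never sends one, so the server spends nothing on it.
        ok = ep.has_agent
        return Result(ep.name, allowed, Mode.PASSIVE if ok else None, ok, False, 0)
    if allowed == Mode.BOTH and ep.has_agent:
        # Steps 305-306: either mode works; passive is chosen here (assumption)
        # because it costs the server no notification.
        return Result(ep.name, allowed, Mode.PASSIVE, True, False, 0)
    # Step 304, also reached from step 305 when no agent client is installed:
    # 304a notify, 304b check agent, 304c restrict access and install, 304d done.
    installed_now = not ep.has_agent
    return Result(ep.name, allowed, Mode.ACTIVE, True, installed_now, 1)


# Fig. 5 policy: passive only at the Internet/enterprise border, active only inside.
FIG5_POLICY = Policy(zone_modes={"border": Mode.PASSIVE, "enterprise": Mode.ACTIVE})
FIG5_ENDPOINTS = [
    Endpoint("521", "border", has_agent=True),
    Endpoint("522", "border", has_agent=False),
    Endpoint("523", "enterprise", has_agent=False),
]


def run_fig5() -> dict:
    return {ep.name: register(ep, FIG5_POLICY) for ep in FIG5_ENDPOINTS}


if __name__ == "__main__":
    for name, res in run_fig5().items():
        print(name, res.used, "registered" if res.registered else "not registered",
              "notifications:", res.notifications_sent)
```

The `notifications_sent` field makes the trade-off in the text measurable: border endpoints, whether genuine or spoofed, cost the server no unsolicited messages, while every active registration costs at least one.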
The above embodiments and the specific example are all described using an NEA assessment system as an example. In fact, the registration method and agent server of the embodiments of the invention can also be applied in other networks and systems. Specifically, the registration method can also be applied in network systems such as telecommunications and computer networks; the agent server can be a device such as an authentication, authorization and accounting (AAA) server, a firewall or a router; and the endpoint can be a computer, a mobile terminal and so on. The specific implementation is the same as that introduced in the embodiments of the invention, differing only in the specific physical entities and application systems, and is not repeated here.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (7)

1. a register method is characterized in that, this method comprises:
Acting server is according to pre-configured registration policy, determines to attempt the logon mode of the end points of accesses network resource, and described logon mode comprises: initiatively logon mode and/or passive logon mode; Wherein, pre-configured registration policy is: according to the network environment information that obtains, to the corresponding logon mode of described end points setting; The described network environment information that obtains comprises following a kind of or combination in any: the safe condition of end points region, end points are wanted the security requirement in accesses network zone, the system burden of acting server, the busy extent of system and the danger of system;
Logon mode according to determining carries out the registration of described end points.
2. according to the method described in the claim 1, it is characterized in that, when the logon mode of end points when only allowing passive registration, describedly carry out being registered as of end points:
The end points that agent client is installed sends request by agent client to acting server, and acting server responds this request, finishes the registration operation.
3. according to the method described in the claim 1, it is characterized in that when the logon mode of end points was initiatively registered for a permission, the described registration of carrying out end points comprised:
A, acting server send registration notification to described end points;
B, acting server judge whether described end points has installed agent client, if, execution in step d then, otherwise execution in step c;
C, acting server limit the access request of described end points, and are this end points installation agent client;
D, finish registration operation and process ends.
4. according to the method described in the claim 1, it is characterized in that, when the logon mode of end points when allowing initiatively registration and passive registration simultaneously, describedly carry out being registered as of end points:
If end points is the installation agent client, then select any one mode in initiatively registration and the passive registration to carry out endpoint registration;
If end points is the installation agent client not, then adopting initiatively, logon mode carries out endpoint registration.
5. An agent server, characterized in that the agent server comprises a registration policy configuration module, a main control module and a registration module, wherein:
the registration policy configuration module is used to configure the registration policy;
the main control module is used to determine, according to the registration policy pre-configured by the registration policy configuration module, the logon mode of an endpoint attempting to access network resources, the logon mode comprising an active logon mode and/or a passive logon mode; the pre-configured registration policy is: setting a corresponding logon mode for the endpoint according to the obtained network environment information; the obtained network environment information comprises one or any combination of the following: the security status of the region where the endpoint is located, the security requirements of the network region the endpoint wants to access, the system load of the agent server, how busy the system is, and the danger level of the system;
the registration module is used to register the endpoint according to the logon mode.
6. The agent server according to claim 5, characterized in that the agent server further comprises an acquiring unit used to obtain network environment information, the network environment information comprising one or any combination of the following: the security status of the region where the endpoint is located, the security requirements of the network region the endpoint wants to access, the system load of the agent server, how busy the system is, and the danger level of the system;
the main control module receives the network environment information and determines the logon mode of the endpoint according to the registration policy pre-configured by the registration policy configuration module.
7. The agent server according to claim 5 or 6, characterized in that the agent server is a standalone device or is embedded in another network device.
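The mode selection described in claims 4 and 5, as an added Python example that is not part of the patent text. The two policy rules follow the cases named in the abstract; the `NetworkEnv` fields, the 0-3 requirement scale, the threshold and the `prefer` tie-break are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Mode(Flag):
    ACTIVE = auto()
    PASSIVE = auto()


BOTH = Mode.ACTIVE | Mode.PASSIVE


@dataclass(frozen=True)
class NetworkEnv:
    # Subset of the network environment information listed in claims 5 and 6.
    endpoint_region_secure: bool   # security status of the endpoint's region
    target_zone_requirement: int   # security requirement of the zone (assumed 0-3 scale)
    system_at_risk: bool           # danger level of the system, reduced to a flag


def allowed_modes(env: NetworkEnv) -> Mode:
    """Hypothetical registration policy: environment info -> permitted modes."""
    if env.system_at_risk or not env.endpoint_region_secure:
        return Mode.PASSIVE        # abstract: dangerous endpoints, passive only
    if env.target_zone_requirement >= 2:   # assumed threshold
        return Mode.ACTIVE         # abstract: high security requirement, active
    return BOTH


def select_mode(allowed: Mode, client_installed: bool,
                prefer: Mode = Mode.PASSIVE) -> Mode:
    """Pick the mode the registration module should run."""
    if allowed == BOTH:
        # Claim 4: with the agent client installed either mode may be chosen
        # (the `prefer` tie-break is an assumption); without it, active mode.
        return prefer if client_installed else Mode.ACTIVE
    if allowed in (Mode.ACTIVE, Mode.PASSIVE):
        return allowed
    # Fail closed: a policy that yields no mode must not register the endpoint.
    raise ValueError("registration policy returned no logon mode")


if __name__ == "__main__":
    # Constructed sample endpoints: (environment, agent client installed?)
    samples = [
        (NetworkEnv(True, 0, False), True),
        (NetworkEnv(True, 0, False), False),
        (NetworkEnv(False, 0, False), True),
        (NetworkEnv(True, 3, False), True),
    ]
    for env, installed in samples:
        print(env, installed, select_mode(allowed_modes(env), installed))
```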
CN2006101609309A 2006-12-01 2006-12-01 A registration method and agent server Expired - Fee Related CN101193112B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006101609309A CN101193112B (en) 2006-12-01 2006-12-01 A registration method and agent server


Publications (2)

Publication Number Publication Date
CN101193112A CN101193112A (en) 2008-06-04
CN101193112B true CN101193112B (en) 2010-10-27

Family

ID=39487860

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006101609309A Expired - Fee Related CN101193112B (en) 2006-12-01 2006-12-01 A registration method and agent server

Country Status (1)

Country Link
CN (1) CN101193112B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20101027
