CN101621380A - Method for evaluating security state of terminal, network equipment and system - Google Patents

Publication number
CN101621380A
Authority
CN
China
Prior art keywords
network
terminal
state
server
security
Legal status
Granted
Application number
CN200810098771A
Other languages
Chinese (zh)
Other versions
CN101621380B (en)
Inventor
任兰芳
庄小君
尹瀚
贾科
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN200810098771.3A (patent CN101621380B)
Priority to CN201310095067.3A (patent CN103260161B)
Priority to PCT/CN2009/070458 (patent WO2009109118A1)
Publication of CN101621380A
Application granted
Publication of CN101621380B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

An embodiment of the invention discloses a method for evaluating the security state of a terminal. The method comprises the following steps: a second network receives an access request from the terminal; the second network acquires a security policy from a first network, acquires the corresponding security state information from the terminal according to the security policy, and evaluates the security state of the terminal according to the security state information to obtain a security state evaluation result; or the second network transmits the security policy to the first network, and the first network acquires the corresponding security state information from the terminal according to the security policy, evaluates the security state of the terminal according to the security state information to obtain the security state evaluation result, and feeds the evaluation result back to the second network. The invention also discloses a related network system and network equipment. Embodiments of the invention can improve the utilization efficiency and the security of information and the network, and reduce network load.

Description

Method, network device and system for evaluating the security state of a terminal
Technical field
The present invention relates to the field of communication technology, and in particular to a method, a network device and a system for evaluating the security state of a terminal.
Background
With the rapid development and widespread use of the Internet, virus technology has also developed rapidly. During a large-scale virus outbreak, much of the data transmitted in the network is junk data, probing traffic and attack traffic generated by the virus. This wastes resources, seriously affects the network efficiency and security of the operator, and also has an adverse effect on, and poses a security threat to, users' terminals and services. As users obtain more diversified services, the security risk to themselves and to the network also increases greatly.
Security threats from inside the operator's network are manageable and can be defended against, whereas virus intrusion into user terminals is comparatively easy. Users are widely distributed, small terminals have weak protection because of their limited resources, and there is no guarantee that every client has antivirus software or a firewall installed. Even if security application software is installed on every client, without unified control users are likely not to apply security updates in time, which leaves hazards such as unpatched system vulnerabilities or an expired virus database.
At the same time, with the development of mobile technology and the spread of mobile terminals, more and more users want to access the network and use various services at any time while on the move. It is therefore not enough to protect and evaluate fixed terminals or fixed users; more importantly, seamless security state evaluation is needed for terminals that move.
In the prior art, the collection of a terminal's security state information and the evaluation of its security state are carried out in the visited network. This cannot make full use of the resources of the terminal's home network or of the network visited before roaming, nor of the security state information or security state evaluation results that those networks have already obtained, which causes excessive load on the visited network and wasted resources.
Summary of the invention
In view of this, an embodiment of the invention provides a method for evaluating the security state of a terminal, applied to a first network and a second network. The method comprises:
the second network receives an access request from the terminal;
the second network obtains a security policy from the first network, obtains the corresponding security state information from the terminal according to the security policy, and evaluates the security state of the terminal according to the security state information to obtain a security state evaluation result; or
the second network sends a security policy to the first network; the first network obtains the corresponding security state information from the terminal according to the security policy, evaluates the security state of the terminal according to the security state information to obtain a security state evaluation result, and provides the evaluation result to the second network.
An embodiment of the invention also provides a method for evaluating the security state of a terminal, in which the first network stores a security state evaluation result for the terminal. When the terminal visits the second network, the method comprises: the second network receives an access request from the terminal; the second network requests the evaluation result from the first network, receives the stored evaluation result for the terminal from the first network, and responds to the terminal's access according to that result.
An embodiment of the invention also provides a method for evaluating the security state of a terminal, in which the first network stores a security state evaluation result and security state information for the terminal. When the terminal visits the second network, the method comprises: the second network receives an access request from the terminal that includes information identifying the first network; according to the first network identifier, the second network sends the first network a request for the terminal's security state evaluation result and/or security state information, and obtains the evaluation result and/or security state information stored by the first network through a secure channel to the first network that is either established in advance or established temporarily.
An embodiment of the invention also provides a network system, comprising a first server of the first network and a second server of the second network, wherein:
the second server is configured to receive an access request from the terminal; to request a security policy from the first network and obtain the security policy from the first server; to obtain the corresponding security state information from the terminal according to the security policy; and to evaluate the security state of the terminal according to the security state information, obtaining a security state evaluation result;
the first server is configured to send the security policy to the second server.
An embodiment of the invention also provides a network system, comprising a first server of the first network and a second server of the second network, wherein:
the second server is configured to receive an access request from the terminal; to request the first network to evaluate the security state of the terminal and send a security policy to the first server; and to receive the security state evaluation result for the terminal from the first server;
the first server is configured to obtain the security policy from the second server, to obtain the corresponding security state information from the terminal according to the security policy, to evaluate the security state of the terminal according to the security state information to obtain a security state evaluation result, and to feed the evaluation result back to the second server.
An embodiment of the invention also provides a network device, comprising:
an access request receiving unit, configured to receive an access request from a roaming terminal;
a security policy obtaining unit, configured to request, according to the access request, a security policy from the terminal's home network or from the network visited before roaming, and to obtain the security policy;
a security state evaluation unit, configured to obtain security state information from the terminal according to the security policy obtained by the security policy obtaining unit, and to evaluate the security state of the terminal according to the security state information, obtaining a security state evaluation result.
An embodiment of the invention also provides a network device, comprising:
an access request receiving unit, configured to receive an access request from a roaming terminal;
a security evaluation request unit, configured to request the home network of the roaming terminal, or the network visited before roaming, to evaluate the security state of the terminal, and to send a security policy to that home network or visited network;
an evaluation result receiving unit, configured to receive the security state evaluation result for the terminal from that home network or visited network.
An embodiment of the invention also provides a method for evaluating the security state of a terminal, comprising:
the second network receives a communication request from the terminal;
the second network or the terminal requests the first network to evaluate the security state of the terminal;
the second network receives the security state evaluation result for the terminal from the first network; the first network obtains this evaluation result, at the request of the second network or the terminal, by evaluating the security state information it receives from the terminal.
An embodiment of the invention also provides a network device, comprising:
a communication request receiving unit, configured to receive a communication request from a roaming terminal;
an evaluation result request unit, configured to request the home network of the roaming terminal, or the network visited before roaming, to evaluate the security state of the terminal;
an evaluation result receiving unit, configured to receive the security state evaluation result for the terminal from that home network or visited network.
An embodiment of the invention also provides a network system, comprising a first server of the first network and a second server of the second network, wherein:
the second server is configured to receive a communication request from the terminal; to request the first network to evaluate the security state of the terminal; and to receive the security state evaluation result for the terminal from the first server;
the first server is configured to receive a security state evaluation request from the second server or from the terminal, to evaluate the security state according to that request using the security state information received from the terminal, obtaining a security state evaluation result, and to provide the evaluation result to the second server.
An embodiment of the invention also provides a method for evaluating the security state of a terminal, comprising:
the second network receives a communication request from the terminal;
the second network or the terminal requests the first network to collect the security state information of the terminal;
the second network receives the terminal's security state information from the first network; the first network collects this information from the terminal at the request of the second network or the terminal;
the second network evaluates the security state of the terminal according to the security state information, obtaining a security state evaluation result.
An embodiment of the invention also provides a network device, comprising:
a communication request receiving unit, configured to receive a communication request from a roaming terminal;
a security state information request unit, configured to request the home network of the roaming terminal, or the network visited before roaming, to collect the security state information of the terminal;
a security state information receiving unit, configured to receive the terminal's security state information collected by that home network or visited network;
a security state evaluation unit, configured to evaluate the security state of the terminal according to the security state information obtained by the security state information receiving unit, obtaining a security state evaluation result.
An embodiment of the invention also provides a network system, comprising a first server of the first network and a second server of the second network, wherein:
the second server is configured to receive a communication request from the terminal; to request the first network to collect the security state information of the terminal; to receive the terminal's security state information collected by the first server; and to evaluate the security state of the terminal according to the security state information, obtaining a security state evaluation result;
the first server is configured to receive a security state information request from the second server or from the terminal, to collect the terminal's security state information according to that request, and to provide the security state information to the second server.
An embodiment of the invention also provides a method for evaluating the security state of a terminal, in which the terminal obtains credential information from the first network. The method comprises:
the second network receives a communication request and the credential information from the terminal;
the second network verifies the validity of the credential information and obtains a security state evaluation result for the terminal.
An embodiment of the invention also provides a network device, comprising:
a communication request receiving unit, configured to receive a communication request from a roaming terminal;
a credential information receiving unit, configured to receive credential information from the roaming terminal;
a credential information verification unit, configured to verify the validity of the credential information and obtain a security state evaluation result for the terminal.
An embodiment of the invention also provides a network system, comprising a first server of the first network and a second server of the second network, wherein:
the first server is configured to provide credential information to the terminal;
the second server is configured to receive a communication request and the credential information from the terminal, to verify the validity of the credential information, and to obtain a security state evaluation result for the terminal.
With the embodiments of the invention, the security state evaluation results or security state information that the home network of a roaming terminal, or the network it visited before roaming, has obtained for the terminal can be fully used. This improves the utilization efficiency and security of information and the network, reduces network load, and solves the unnecessary delay or service interruption caused by collecting security state information and evaluating the security state.
Description of drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the terminal security state evaluation method of Embodiment 1;
Fig. 2 is a schematic diagram of the composition of the second network server of Embodiment 1;
Fig. 3 is a schematic diagram of the composition of the first network server of Embodiment 1;
Fig. 4 is a schematic diagram of the system networking of Embodiment 1;
Fig. 5 is a flow chart of the terminal security state evaluation method of Embodiment 2;
Fig. 6 is a schematic diagram of the composition of the second network server of Embodiment 2;
Fig. 7 is a schematic diagram of the composition of the first network server of Embodiment 1;
Fig. 8 is a flow chart of the terminal security state evaluation method of Embodiment 3;
Fig. 9 is a schematic diagram of the composition of the second network server of Embodiment 3;
Fig. 10 is a schematic diagram of the composition of the first network server of Embodiment 3;
Fig. 11 is a flow chart of the terminal security state evaluation method of Embodiment 4;
Fig. 12 is a flow chart of the terminal security state evaluation method of Embodiment 5;
Fig. 13 is a schematic diagram of the composition of the second network server of Embodiment 5;
Fig. 14 is a schematic diagram of the composition of the first network server of Embodiment 5;
Fig. 15 is a schematic diagram of the system networking of Embodiment 5;
Fig. 16 is a flow chart of the terminal security state evaluation method of Embodiment 6;
Fig. 17 is a schematic diagram of the composition of the second network server of Embodiment 6;
Fig. 18 is a schematic diagram of the composition of the first network server of Embodiment 6;
Fig. 19 is a schematic diagram of the system networking of Embodiment 6;
Fig. 20 is a flow chart of the terminal security state evaluation method of Embodiment 7;
Fig. 21 is a schematic diagram of the composition of the second network server of Embodiment 7;
Fig. 22 is a schematic diagram of the composition of the first network server of Embodiment 7;
Fig. 23 is a schematic diagram of the system networking of Embodiment 7.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that those of ordinary skill in the art obtain from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
In each of the embodiments below, the first network (denoted network 1) is the home network of the roaming terminal (or mobile terminal), or the network it was in before roaming. The second network (denoted network 2) is the visited network (or foreign network) of the roaming terminal (or mobile terminal), or the network it is in after roaming, or a service providing server, or another network device. The network may be a mobile network, a fixed network, a fixed-mobile convergence network and so on; it may be a local area network, a metropolitan area network or a wide area network; it may be an access network, a core network or a transport network; and it may be a peer-to-peer (P2P) network, a client/server (C/S) network and so on.
In each of the embodiments below, the security state information may be any information that reflects the security state of the terminal, such as the terminal's operating system version, patch information, firewall version, antivirus software version and browser version.
In each of the embodiments below, the roaming terminal (or mobile terminal) may be a mobile phone, a notebook computer or a similar terminal, or another type of terminal that accesses the network using a mobile address (such as Mobile IP), and so on.
In each of the embodiments below, the communication request may be a communication request at any layer of the network, including an access request at the physical layer or link layer and a service request at the application layer.
Embodiment 1
Referring to Fig. 1, and taking as an example a communication request that is a request to access the network, an embodiment of the invention provides a method for evaluating the security state of a roaming terminal (or mobile terminal) that accesses a network, in which network 2 performs the evaluation according to the security policy configuration of network 1. The method comprises:
Step 1. The roaming terminal sends an access request to network 2;
Step 2. Network 2 authenticates the terminal through the terminal's network 1;
Step 3. Network 2 requests from the terminal's network 1 the security policy configuration information that corresponds to the terminal. A security policy may be, for example, that the network must check that the terminal's operating system version is the latest, or that its antivirus software version is the latest;
Step 4. Network 1 provides the terminal's security policy configuration information to network 2;
Step 5. Network 2 requests the corresponding security state information from the terminal according to the security policy from network 1. Security state information may be, for example, the terminal's operating system version information or antivirus software version information;
Step 6. The terminal responds with the security state information requested by network 2;
Step 7. Network 2 requests other security state information;
Step 8. The terminal responds with the other security state information requested by network 2;
Step 9. Network 2 evaluates the security state of the terminal according to the security state information the terminal reported, obtaining a security state evaluation result;
Step 10. Network 2 responds to the terminal's access request according to the evaluation result obtained: if the security state evaluation passes, the terminal is allowed to access; otherwise, access may be refused or an access failure may be indicated.
For example, the terminal may be a mobile phone, the server of network 1 may be the access policy decision point PDP1 of the phone's home network, and the server of network 2 may be the policy decision point PDP2 of the visited network that the phone wants to access after roaming. The visited network then requests the corresponding security policy configuration information from the PDP of the phone's home network. After receiving the response, the visited network collects security state information from the phone and evaluates its security state according to this security policy configuration. If the evaluation passes, access is allowed; otherwise, the phone is refused access to the current visited network.
Referring to Fig. 2, the second network (network 2) server of this embodiment may comprise:
an access request receiving unit 202, configured to receive an access request from a roaming terminal;
a security policy obtaining unit 204, configured to request, according to the access request, a security policy from the terminal's home network or from the network visited before roaming, and to obtain the security policy;
a security state evaluation unit 206, configured to obtain security state information from the terminal according to the security policy obtained by the security policy obtaining unit, and to evaluate the security state of the terminal according to the security state information, obtaining a security state evaluation result;
an access response unit 208, configured to respond to the terminal's access request according to the evaluation result obtained by the security state evaluation unit. If the security state evaluation passes, the terminal is allowed to access; otherwise, access is refused.
Referring to Fig. 3, the first network (network 1) server of this embodiment may comprise:
a security policy providing unit 302, configured to provide a security policy to the second network server in response to the second network server's security policy request.
The system networking of this embodiment is shown in Fig. 4. The system may comprise a first server 402 of network 1 and a second server 404 of network 2, wherein:
the second server 404 is configured to receive an access request from the terminal; to request a security policy from the first network and obtain the security policy from the first server; to obtain the corresponding security state information from the terminal according to the security policy; and to evaluate the security state of the terminal according to the security state information;
the first server 402 is configured to send the security policy to the second server.
This embodiment makes use of the home network of the roaming terminal, or the network visited before roaming, in obtaining the security state information of the terminal, which improves the utilization efficiency and security of information and reduces the load on the visited network.
Embodiment 2
Referring to Fig. 5, and taking as an example a communication request that is a request to access the network, a further embodiment of the invention provides a method for evaluating the security state of a terminal that accesses a network. Because network 2 is not itself equipped with the TNC framework, it has to ask the terminal's network 1 to perform the evaluation, and network 1 evaluates according to the policy configuration of network 2. The method comprises:
Step 1. The roaming terminal sends an access request to network 2;
Step 2. Network 2 authenticates the terminal through the terminal's network 1;
Step 3. Network 2 requests network 1 to perform a security state evaluation (the request includes the security policy configuration information of network 2);
Step 4. Network 1 requests the corresponding security state information from the terminal according to the security policy from network 2;
Step 5. The terminal responds with the security state information requested by network 1;
Step 6. Network 1 requests other security state information;
Step 7. The terminal reports the other security state information;
Step 8. Network 1 completes the security state evaluation of the terminal according to the security policy configuration from network 2;
Step 9. Network 1 informs network 2 of the security state evaluation result;
Step 10. Network 2 responds to the terminal's access request according to the evaluation result from network 1: if the security state evaluation passes, the terminal is allowed to access; otherwise, access may be refused or an access failure may be indicated.
In this embodiment, the visited network that the terminal wants to access after roaming cannot itself evaluate the terminal's security state, yet it still needs to check the terminal's security state information against its own security configuration before making its final response to the terminal's access request. The visited network therefore sends its own security policy configuration information to the PDP of the terminal's home network, and at the same time asks that home network to evaluate the terminal's security state according to this policy configuration. Following the policy configuration, the terminal's home network collects security state information from the terminal, completes the security evaluation, and feeds the evaluation result back to the visited network. After receiving the evaluation result, the visited network makes its access response to the requesting terminal according to that result.
Referring to Fig. 6, the second network (network 2) server of this embodiment may comprise:
an access request receiving unit 602, configured to receive an access request from a roaming terminal;
a security evaluation request unit 604, configured to request the home network of the roaming terminal, or the network visited before roaming, to evaluate the security state of the terminal, and to send a security policy to the first server;
an evaluation result receiving unit 606, configured to receive the security state evaluation result for the terminal from the first network server;
an access response unit 608, configured to respond to the terminal's access request according to the evaluation result obtained by the evaluation result receiving unit.
Referring to Fig. 7, the first network (network 1) server of this embodiment may comprise:
a security policy receiving unit 702, configured to receive the security policy from the second network server;
a security state evaluation unit 704, configured to request the corresponding security state information from the terminal according to the security policy received from the second network server, and to evaluate the security state of the terminal according to this security state information, obtaining a security state evaluation result.
The system networking of this embodiment is the same as that shown in Fig. 4. The system may comprise a first server 802 of network 1 and a second server 804 of network 2, wherein:
the second server is configured to receive an access request from the terminal; to request the first network to evaluate the security state of the terminal and send a security policy to the first server; and to receive the security state evaluation result for the terminal from the first server;
the first server is configured to negotiate with said first server, to obtain the security policy from the second server, to obtain the corresponding security state information from the terminal according to the security policy, to perform the security state evaluation according to the security state information, and to feed the evaluation result back to the second server.
This embodiment makes use of the home network of the roaming terminal, or the network visited before roaming, in obtaining the security state evaluation result for the terminal, which improves the utilization efficiency and security of the network and reduces the load on the visited network.
Embodiment three
Referring to Fig. 8, and taking as an example the case where the communication request is a request to access the network, a further embodiment of the invention proposes a method for evaluating the security state of a terminal accessing a network. Network 1 stores the state evaluation result for the terminal, and network 2 uses network 1's state evaluation result directly: when network 2's security level requirement for the terminal is low and the terminal does not need to undergo a security state evaluation, network 2 only needs to request from network 1 its most recent evaluation result, and this result serves as the reference condition for the terminal's access.
The method comprises:
Step1. The roaming terminal initiates an access request to network 2;
Step2. Network 2 completes identity authentication of the terminal through the terminal's network 1;
Step3. Network 2 directly requests from network 1 its most recent evaluation result for the terminal;
Step4. Network 1 sends the stored state evaluation result to network 2;
Step5. Network 2 makes an access response to the terminal with reference to this state evaluation result.
In this embodiment, the security level requirement of the visited network that the terminal requests to access is not high. The visited network therefore does not need to evaluate the terminal's security state information item by item; it only needs to obtain the terminal's previous evaluation result from the terminal's home network, and then responds directly to the terminal's access request with reference to that result.
With reference to Fig. 9, the second network (network 2) server of this embodiment may comprise:
An access request receiving unit 902, configured to receive an access request from the terminal;
A state evaluation result request unit 904, configured to request the state evaluation result from the first network server.
With reference to Figure 10, the first network (network 1) server of this embodiment may comprise: a state evaluation result providing unit 1002, configured to provide the state evaluation result that it has stored to the second network server at the request of the second network server.
This embodiment of the invention uses the roaming terminal's home network, or the visited network before roaming, to obtain the state evaluation result for the terminal, which improves the utilization efficiency and security of the network and reduces the load on the visited network.
Embodiment four
Taking as an example the case where the communication request is a request to access the network, a further embodiment of the invention proposes a method for evaluating the security state of a terminal accessing a network. A trust relationship may be established in advance between network 1 and network 2 at network deployment time and a secure channel maintained, or the secure channel may be established temporarily; network 1 stores the terminal's security state information and the terminal's state evaluation result. Using this secure channel, network 1 and network 2 can share the terminal's security state information and state evaluation result. This reduces repeated transmission of security state information in the network, thereby reducing security risk, and also reduces handover delay, avoiding a decline in the quality of service of real-time services.
The terminal security state information exchanged between network 1 and network 2 can be associated with an identity by means of the terminal user's IMSI, URL, and so on. Referring to Figure 11, the method comprises:
Step1-Step6: Similar to the situation described in the preceding embodiments;
Step7. After the terminal roams to network 2, it initiates an access request to network 2; the request includes the identifier of network 1, or the identifier of network 1 may be sent separately from the access request;
Step8. The current network 2 completes identity authentication of the terminal through network 1;
Step9. Using the identifier of network 1, the current network 2 requests from the original network 1, through the secure channel established in advance or temporarily, the terminal's security state information and/or state evaluation result that network 1 has stored;
Step10. The original network 1 responds to the request of network 2 and provides the terminal's security state information and/or state evaluation result;
Step11. The current network 2 decides whether to perform a security state evaluation according to its own security level requirement for accessing terminals: if the security level requirement for the terminal is not high, it responds directly with reference to the evaluation result of the original network 1; if the security level requirement is higher, network 2 can perform a security state evaluation of the terminal according to the security state information and obtain a state evaluation result;
Step12. The current network 2 makes an access response to the terminal requesting access according to the state evaluation result.
In this embodiment, network 1 may be either a visited network or the home network. When a terminal roams among multiple networks, one approach is to store the terminal's security state information or state evaluation result in a server of the home network; then, when the terminal accesses different visited networks after roaming, those visited networks only need to request the corresponding security state information or state evaluation result from the terminal's home network. Another approach is for the visited network where the terminal is currently located to store the terminal's security state information and state evaluation result; when the terminal roams to the next network, the new visited network only needs to request the terminal's security state information or state evaluation result from the previous visited network, without having to obtain it from the terminal's home network again.
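The decision in Step7 to Step12 can be simulated as follows. This is an added example, not part of the patent: the class names, the policy attributes, the trusted-peer set standing in for the secure channel, and the freshness limit on a stored result are all assumptions of the example.

```python
from dataclasses import dataclass


@dataclass
class PostureRecord:
    """What network 1 stores per terminal: raw security state plus its own verdict."""
    security_state: dict
    evaluation_result: bool   # True = passed network 1's own policy
    evaluated_at: float       # seconds on a caller-supplied clock


def evaluate(state, policy):
    """Evaluate security state against a policy; missing attributes fail closed."""
    if state.get("os_patch_level", -1) < policy["min_patch_level"]:
        return False
    if state.get("av_signature_age_days", float("inf")) > policy["max_av_age_days"]:
        return False
    if policy["require_firewall"] and not state.get("firewall_on", False):
        return False
    return True


class Network1:
    """Home network or previous visited network holding the stored posture data."""

    def __init__(self, net_id, policy, trusted_peers):
        self.net_id = net_id
        self.policy = policy
        self.trusted_peers = set(trusted_peers)  # assumption: models the secure channel
        self._records = {}                       # keyed by terminal user identity (IMSI)

    def assess_and_store(self, user_id, state, now):
        verdict = evaluate(state, self.policy)
        self._records[user_id] = PostureRecord(dict(state), verdict, now)

    def provide(self, requester_id, user_id):
        """Step10: answer only peers with an established trust relationship."""
        if requester_id not in self.trusted_peers:
            return None
        return self._records.get(user_id)


class Network2:
    """Visited network that chooses between reuse and re-evaluation (Step11)."""

    def __init__(self, net_id, policy, high_security, peers, max_age_s):
        self.net_id = net_id
        self.policy = policy
        self.high_security = high_security
        self.peers = peers          # network identifier -> reachable Network1
        self.max_age_s = max_age_s  # assumption: freshness limit, not in the patent

    def handle_access_request(self, user_id, network1_id, now):
        # Step8 (identity authentication through network 1) is assumed to have succeeded.
        peer = self.peers.get(network1_id)            # Step7: identifier from the request
        record = peer.provide(self.net_id, user_id) if peer else None   # Step9 and Step10
        if record is None or now - record.evaluated_at > self.max_age_s:
            return "collect_from_terminal"            # fall back to a direct evaluation
        if not self.high_security:
            verdict = record.evaluation_result        # reuse network 1's result as-is
        else:
            verdict = evaluate(record.security_state, self.policy)  # re-evaluate locally
        return "allow" if verdict else "deny"         # Step12


def roaming_demo():
    """Constructed scenario: one terminal, one home network, three visited networks."""
    lenient = {"min_patch_level": 30, "max_av_age_days": 30, "require_firewall": False}
    strict = {"min_patch_level": 40, "max_av_age_days": 7, "require_firewall": True}
    user = "001010000000001"  # constructed IMSI using the test PLMN 001/01
    home = Network1("net1", lenient, trusted_peers={"net2-low", "net2-high"})
    home.assess_and_store(
        user, {"os_patch_level": 38, "av_signature_age_days": 3, "firewall_on": True}, now=1000.0)
    peers = {"net1": home}
    low = Network2("net2-low", strict, False, peers, max_age_s=3600)
    high = Network2("net2-high", strict, True, peers, max_age_s=3600)
    stranger = Network2("net2-unknown", strict, False, peers, max_age_s=3600)
    return {
        "low_reuses_result": low.handle_access_request(user, "net1", now=1600.0),
        "high_reevaluates": high.handle_access_request(user, "net1", now=1600.0),
        "stale_result": low.handle_access_request(user, "net1", now=9000.0),
        "no_trust": stranger.handle_access_request(user, "net1", now=1600.0),
    }


if __name__ == "__main__":
    for case, outcome in roaming_demo().items():
        print(case, "->", outcome)
```

The same terminal is admitted by the low-requirement network on the strength of network 1's lenient verdict and refused by the high-requirement network, which is why the choice made in Step11 determines whose policy actually governs admission.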
This embodiment of the invention uses the roaming terminal's home network, or the visited network before roaming, to obtain the state evaluation result for the terminal, which improves the utilization efficiency and security of information and the network and reduces the load on the visited network.
Embodiment five
Referring to Figure 12, a further embodiment of the invention proposes a method for evaluating the security state of a terminal: after the terminal initiates a communication request to network 2, network 1 sends its state evaluation result for the terminal to network 2, and network 2 responds to the terminal's communication request accordingly.
The method comprises:
Step1. The roaming terminal initiates a communication request to network 2;
Step2. Network 2 or the roaming terminal requests network 1 to perform a security state evaluation of the terminal;
Step3. Network 1 obtains security state information from the terminal and performs a security state evaluation of the terminal;
Step4. Network 1 sends the evaluation result to network 2;
Step5. Network 2 responds to the terminal's communication request with reference to this state evaluation result.
This embodiment may further comprise, before or after Step2: network 2 completes identity authentication of the terminal through the terminal's network 1. In this embodiment, after the terminal initiates a communication request to network 2, network 2 may initiate a request to network 1 asking it to perform a security state evaluation of the terminal. Alternatively, after the terminal initiates a communication request to network 2, the terminal may request network 1 to perform a security state evaluation of it, the request including the identifier of network 2. After network 1 completes the security state evaluation, it provides the state evaluation result to network 2.
With reference to Figure 13, the second network (network 2) server of this embodiment may comprise:
A communication request receiving unit 1302, configured to receive a communication request from the terminal;
A state evaluation result request unit 1304, configured to request the home network of the roaming terminal, or the visited network before roaming, to perform a security state evaluation of the terminal;
A state evaluation result receiving unit 1306, configured to receive the state evaluation result for the terminal from the home network or visited network.
Further, the second network (network 2) server may also comprise:
A response unit 1308, configured to respond to the terminal's communication request according to the state evaluation result obtained by the state evaluation result receiving unit.
With reference to Figure 14, the first network (network 1) server of this embodiment may comprise:
A state evaluation result providing unit 1402, configured to provide the state evaluation result that it has stored to the second network server according to a security state evaluation request from the terminal or from the second network server.
With reference to Figure 15, the network system of this embodiment comprises:
A first server 1502 of the first network and a second server 1504 of the second network, wherein:
The second server 1504 is configured to receive a communication request from the terminal; to request the first network to perform a security state evaluation of the terminal; and to receive the state evaluation result for the terminal from the first server;
The first server 1502 is configured to receive a security state evaluation request from the second server or from the terminal, to evaluate the security state in response to that request on the basis of security state information received from the terminal, to obtain a state evaluation result, and to provide this evaluation result to the second server.
Further, the second server 1504 may also be configured to respond to the terminal's communication request according to the state evaluation result.
This embodiment of the invention uses the roaming terminal's home network, or the visited network before roaming, to obtain the state evaluation result for the terminal, which improves the utilization efficiency and security of the network and reduces the load on the visited network.
Embodiment six
Referring to Figure 16, a further embodiment of the invention proposes a method for evaluating the security state of a terminal: after the terminal initiates a communication request to network 2, network 1 collects the terminal's security state information and sends it to network 2; network 2 uses this security state information to perform a security state evaluation of the terminal and responds according to the evaluation result.
The method comprises:
Step1. The roaming terminal initiates a communication request to network 2;
Step2. Network 2 or the roaming terminal requests network 1 to collect the terminal's security state information;
Step3. Network 1 collects the terminal's security state information;
Step4. Network 1 sends the collected security state information of the terminal to network 2;
Step5. Network 2 uses the terminal's security state information to perform a security state evaluation of the terminal;
Step5. Network 2 responds to the terminal's communication request according to the state evaluation result.
This embodiment may further comprise, before or after Step2: network 2 completes identity authentication of the terminal through the terminal's network 1.
In this embodiment, after the terminal initiates a communication request to network 2, network 2 may initiate a request to network 1 asking it to collect the terminal's security state information. Alternatively, after the terminal initiates an access request to network 2, the terminal may request network 1 to collect its security state information, the request including the identifier of network 2. After network 1 completes the information collection, it sends the information to network 2.
With reference to Figure 17, the second network (network 2) server of this embodiment may comprise:
A communication request receiving unit 1702, configured to receive a communication request from the terminal;
A security state information request unit 1704, configured to request the home network of the roaming terminal, or the visited network before roaming, to collect the terminal's security state information;
A security state information receiving unit 1706, configured to receive the terminal's security state information collected by the home network or visited network;
A security state evaluation unit 1708, configured to perform a security state evaluation of the terminal according to the security state information obtained by the security state information receiving unit, and to obtain a state evaluation result.
Further, the second network (network 2) server may also comprise:
A response unit 1710, configured to respond to the terminal's communication request according to the state evaluation result obtained by the security state evaluation unit.
With reference to Figure 18, the first network (network 1) server of this embodiment may comprise: a security state information providing unit 1802, configured to provide the collected security state information to the second network server at the request of the second network server.
Referring to Figure 19, this embodiment also proposes a network system, comprising:
A first server 1902 of the first network and a second server 1904 of the second network, wherein:
The second server 1904 is configured to receive a communication request from the terminal; to request the first network to collect the terminal's security state information; to receive the terminal's security state information collected by the first server; and to perform a security state evaluation of the terminal according to the security state information to obtain a state evaluation result;
The first server 1902 is configured to receive a security state information request from the second server or the terminal, to collect the terminal's security state information according to the request, and to provide this security state information to the second server.
Further, the second server is also configured to respond to the terminal's communication request according to the state evaluation result.
This embodiment of the invention uses the roaming terminal's home network, or the visited network before roaming, to obtain the security state information of the terminal, which improves the utilization efficiency and security of information and the network and reduces the load on the visited network.
Embodiment seven
Referring to Figure 20, a further embodiment of the invention proposes a method for evaluating the security state of a terminal, in which the terminal requests and obtains from network 1 a credential (for example, a certificate or a token) that can identify its security state. After the terminal initiates a communication request to network 2, network 2 verifies this credential and responds to the communication request according to the verification result.
The method comprises:
Step1. The roaming terminal obtains a credential, such as a certificate or a token, from network 1;
Step2. The terminal initiates a communication request to network 2, carrying this credential;
Step3. After network 2 completes identity authentication of the terminal, it verifies the validity of the credential;
Step4. Network 2 responds to the terminal's communication request according to the verification result.
In this embodiment, the communication request may be a request from the terminal to network 2 to access the network; it may also be a request for a certain service that the terminal initiates to a service-providing server (for example, one in network 2).
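One way the credential of Step1 to Step4 could be issued and checked, as an added example that is not part of the patent. The patent names only "certificate, token, etc."; the HMAC-SHA256 token format, the key shared between network 1 and network 2, the claim names, and all function names below are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_credential(key, user_id, compliant, now, lifetime_s):
    """Step1 (network 1): bind the evaluation verdict to the terminal identity and a lifetime."""
    claims = {"iss": "network1", "sub": user_id, "compliant": compliant,
              "iat": now, "exp": now + lifetime_s}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64url_encode(payload) + "." + b64url_encode(tag)


def verify_credential(key, token, authenticated_user_id, now):
    """Step3 (network 2): return "ok" or the reason the credential is rejected."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = b64url_decode(payload_b64)
        tag = b64url_decode(tag_b64)
    except ValueError:            # wrong number of parts or invalid base64
        return "malformed"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return "bad_signature"
    claims = json.loads(payload)  # parsed only after the MAC has been verified
    if claims["sub"] != authenticated_user_id:
        return "subject_mismatch"  # credential issued to a different terminal
    if now >= claims["exp"]:
        return "expired"           # posture may have changed since issuance
    if not claims["compliant"]:
        return "non_compliant"
    return "ok"


def respond(key, token, authenticated_user_id, now):
    """Step4 (network 2): answer the communication request from the verification result."""
    return "allow" if verify_credential(key, token, authenticated_user_id, now) == "ok" else "deny"


def credential_demo():
    """Constructed inputs: sample key, constructed IMSIs, fixed clock values."""
    key = b"constructed-demo-key-0123456789abcdef"
    user, other = "001010000000001", "001010000000002"
    good = issue_credential(key, user, True, now=1000, lifetime_s=600)
    failed = issue_credential(key, user, False, now=1000, lifetime_s=600)
    # Terminal-side tampering: flip the verdict but keep network 1's original tag.
    payload_b64, tag_b64 = failed.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims["compliant"] = True
    forged_payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    forged = b64url_encode(forged_payload) + "." + tag_b64
    return {
        "valid": verify_credential(key, good, user, now=1200),
        "forged": verify_credential(key, forged, user, now=1200),
        "expired": verify_credential(key, good, user, now=1600),
        "replayed_by_other": verify_credential(key, good, other, now=1200),
        "failed_posture": verify_credential(key, failed, user, now=1200),
        "garbage": verify_credential(key, "not-a-token", user, now=1200),
        "response": respond(key, good, user, now=1200),
    }


if __name__ == "__main__":
    for case, result in credential_demo().items():
        print(case, "->", result)
```

Checking the subject against the identity that network 2 has already authenticated is what ties the credential check to the ordering in Step3; without that binding, a valid credential could be presented by a different terminal.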
With reference to Figure 21, the second network (network 2) server of this embodiment may comprise:
A communication request receiving unit 2102, configured to receive a communication request from the terminal;
A credential information receiving unit 2104, configured to receive credential information from the terminal;
A credential information verification unit 2106, configured to verify the validity of the credential information and obtain the state evaluation result for the terminal.
Further, the second network (network 2) server may also comprise:
A response unit 2108, configured to respond to the terminal's communication request according to the state evaluation result obtained by the credential information verification unit.
With reference to Figure 22, the first network (network 1) server of this embodiment may comprise: a credential providing unit 2202, configured to provide the terminal with credential information identifying its security.
Referring to Figure 23, this embodiment also proposes a network system, comprising:
A first server 2302 of the first network and a second server 2304 of the second network, wherein:
The first server 2302 is configured to provide credential information to the terminal;
The second server 2304 is configured to receive the communication request and the credential information from the terminal, and to verify the validity of the credential information to obtain the state evaluation result for the terminal.
Further, the second server is also configured to respond to the terminal's communication request according to the state evaluation result.
This embodiment of the invention uses the roaming terminal's home network, or the visited network before roaming, to obtain the state evaluation result for the terminal, which improves the utilization efficiency and security of information and the network and reduces the load on the visited network.
With the embodiments of the invention, the home network of a roaming terminal, or the visited network before roaming, can be fully used to obtain the state evaluation result or security state information for the terminal. This improves the utilization efficiency and security of information and the network, reduces network load, and solves the problem of unnecessary delay or service interruption caused by collecting security state information and performing security state evaluation.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of function. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium.
In summary, the above merely illustrates the spirit of the present invention and is not intended to limit its scope of protection. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (36)

1. A method for evaluating the security state of a terminal, characterized in that the method is applied to a first network and a second network and comprises:
The second network receives an access request from the terminal;
The second network obtains a security policy from the first network, obtains the corresponding security state information from the terminal according to the security policy, and performs a security state evaluation of the terminal according to the security state information to obtain a state evaluation result; or,
The second network sends a security policy to the first network; the first network obtains the corresponding security state information from the terminal according to the security policy, performs a security state evaluation of the terminal according to the security state information to obtain a state evaluation result, and provides the state evaluation result to the second network.
2. The method according to claim 1, characterized in that, before the step in which the second network obtains the security policy from the first network, the method further comprises:
The second network requests the security policy from the first network, and the first network provides the security policy to the second network according to the request.
3. The method according to claim 1, characterized in that the step in which the second network sends the security policy to the first network comprises:
The second network requests the first network to perform a security state evaluation of the terminal and sends the security policy to the first network.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises: the second network responds to the terminal's access according to the state evaluation result.
5. A method for evaluating the security state of a terminal, characterized in that a first network stores a state evaluation result for the terminal, and when the terminal visits a second network, the method comprises:
The second network receives an access request from the terminal;
The second network requests the state evaluation result from the first network, receives the stored state evaluation result for the terminal from the first network, and responds to the terminal's access according to this result.
6. A method for evaluating the security state of a terminal, characterized in that a first network stores a state evaluation result and security state information for the terminal, and when the terminal visits a second network, the method comprises:
The second network receives the access request from the terminal and information containing the first network identifier;
According to the first network identifier, the second network initiates a request to the first network for the terminal's state evaluation result and/or security state information, and obtains the state evaluation result and/or security state information for the terminal stored by the first network through a secure channel established in advance or temporarily with the first network.
7. The method according to claim 6, characterized in that the second network carries a terminal user identifier in the state evaluation result and/or security state information request that it initiates to the first network.
8. A network system, characterized in that it comprises a first server of a first network and a second server of a second network, wherein:
The second server is configured to receive an access request from the terminal; to request a security policy from the first network and obtain the security policy from the first server; to obtain the corresponding security state information from the terminal according to the security policy; and to perform a security state evaluation of the terminal according to the security state information to obtain a state evaluation result;
The first server is configured to send the security policy to the second server.
9. The system according to claim 8, characterized in that the second server comprises:
An access request receiving unit, configured to receive the access request from the terminal;
A security policy obtaining unit, configured to request the security policy from the first server according to the access request and to obtain the security policy from the first server;
A security state evaluation unit, configured to obtain security state information from the terminal according to the security policy obtained by the security policy obtaining unit, and to perform a security state evaluation of the terminal according to the security state information to obtain a state evaluation result.
10. A network system, characterized in that it comprises a first server of a first network and a second server of a second network, wherein:
The second server is configured to receive an access request from the terminal; to request the first network to perform a security state evaluation of the terminal and send a security policy to the first server; and to receive the state evaluation result for the terminal from the first server;
The first server is configured to obtain the security policy from the second server, to obtain the corresponding security state information from the terminal according to the security policy, to perform a security state evaluation of the terminal according to the security state information to obtain a state evaluation result, and to feed the evaluation result back to the second server.
11. The system according to claim 10, characterized in that the second server comprises:
An access request receiving unit, configured to receive the access request from the terminal;
A security evaluation request unit, configured to request the first server to perform a security state evaluation of the terminal and to send the security policy to the first server;
A state evaluation result receiving unit, configured to receive the state evaluation result for the terminal from the first server.
12. A network device, characterized in that it comprises:
An access request receiving unit, configured to receive an access request from a roaming terminal;
A security policy obtaining unit, configured to request a security policy from the terminal's home network, or from the visited network before roaming, according to the access request, and to obtain the security policy;
A security state evaluation unit, configured to obtain security state information from the terminal according to the security policy obtained by the security policy obtaining unit, and to perform a security state evaluation of the terminal according to the security state information to obtain a state evaluation result.
13. The device according to claim 12, characterized in that it further comprises:
An access response unit, configured to respond to the terminal's access request according to the state evaluation result obtained by the security state evaluation unit.
14. A network device, characterized in that it comprises:
An access request receiving unit, configured to receive an access request from a roaming terminal;
A security evaluation request unit, configured to request the home network of the roaming terminal, or the visited network before roaming, to perform a security state evaluation of the terminal, and to send a security policy to the home network or visited network;
A state evaluation result receiving unit, configured to receive the state evaluation result for the terminal from the home network or visited network.
15. The device according to claim 14, characterized in that it further comprises:
An access response unit, configured to respond to the terminal's access request according to the state evaluation result obtained by the state evaluation result receiving unit.
16. A method for evaluating the security state of a terminal, characterized in that it comprises:
A second network receives a communication request from the terminal;
The second network or the terminal requests a first network to perform a security state evaluation of the terminal;
The second network receives the state evaluation result for the terminal from the first network, the state evaluation result having been obtained by the first network, at the request of the second network or the terminal, by evaluating security state information received from the terminal.
17. The method according to claim 16, characterized in that, before the step in which the second network receives the state evaluation result for the terminal from the first network, the method further comprises:
The second network performs identity authentication of the terminal through the first network.
18. The method according to claim 16, characterized in that the method further comprises:
The second network responds to the terminal's communication request according to the state evaluation result.
19. A network device, characterized in that it comprises:
A communication request receiving unit, configured to receive a communication request from a roaming terminal;
A state evaluation result request unit, configured to request the home network of the roaming terminal, or the visited network before roaming, to perform a security state evaluation of the terminal;
A state evaluation result receiving unit, configured to receive the state evaluation result for the terminal from the home network or visited network.
20. The device according to claim 19, characterized in that it further comprises:
A response unit, configured to respond to the terminal's communication request according to the state evaluation result obtained by the state evaluation result receiving unit.
21. A network system, characterized in that it comprises a first server of a first network and a second server of a second network, wherein:
The second server is configured to receive a communication request from the terminal; to request the first network to perform a security state evaluation of the terminal; and to receive the state evaluation result for the terminal from the first server;
The first server is configured to receive a security state evaluation request from the second server or from the terminal, to evaluate the security state in response to that request on the basis of security state information received from the terminal, to obtain a state evaluation result, and to provide this evaluation result to the second server.
22. The network system according to claim 21, characterized in that the second server is also configured to respond to the terminal's communication request according to the state evaluation result.
23. A method for evaluating the security state of a terminal, characterized in that it comprises:
A second network receives a communication request from the terminal;
The second network or the terminal requests a first network to collect the terminal's security state information;
The second network receives the terminal's security state information from the first network, the security state information having been collected from the terminal by the first network at the request of the second network or the terminal;
The second network performs a security state evaluation of the terminal according to the security state information and obtains a state evaluation result.
24. The method according to claim 23, characterized in that, before the step in which the second network performs a security state evaluation of the terminal according to the security state information, the method further comprises:
The second network performs identity authentication of the terminal through the first network.
25. The method according to claim 23, characterized in that the method further comprises:
The second network responds to the terminal's communication request according to the state evaluation result.
26. Network equipment, characterized by comprising:
A communication request receiving unit, configured to receive a communication request from a roaming terminal;
A safety state information request unit, configured to request the home network of the roaming terminal, or the network it visited before roaming, to collect the safety state information of the terminal;
A safety state information receiving unit, configured to receive the safety state information of the terminal collected by the home network or the visited network;
A security state evaluation unit, configured to perform security state evaluation on the terminal according to the safety state information obtained by the safety state information receiving unit, obtaining a state evaluating result.
27. The equipment as claimed in claim 26, characterized by further comprising:
A response unit, configured to respond to the communication request of the terminal according to the state evaluating result obtained by the security state evaluation unit.
28. A network system, characterized by comprising: a first server of a first network and a second server of a second network, wherein:
The second server is configured to receive a communication request from the terminal; to request the first network to collect the safety state information of the terminal; to receive the safety state information of the terminal collected by the first server; and to perform security state evaluation on the terminal according to the safety state information, obtaining a state evaluating result;
The first server is configured to receive a safety state information request from the second server or the terminal, to collect the safety state information of the terminal according to the request, and to provide this safety state information to the second server.
29. The network system as claimed in claim 28, characterized in that the second server is further configured to respond to the communication request of the terminal according to the state evaluating result.
30. A method for evaluating the security state of a terminal, characterized in that the terminal obtains credential information from a first network, the method comprising:
A second network receives a communication request and the credential information from the terminal;
The second network verifies the validity of the credential information, obtaining a state evaluating result for the terminal.
31. The method as claimed in claim 30, characterized in that, before the step in which the second network receives the communication request and the credential information from the terminal, the method further comprises:
The second network authenticates the terminal.
32. The method as claimed in claim 30, characterized in that the method further comprises:
The second network responds to the communication request of the terminal according to the state evaluating result.
33. Network equipment, characterized by comprising:
A communication request receiving unit, configured to receive a communication request from a roaming terminal;
A credential information receiving unit, configured to receive credential information from the roaming terminal;
A credential information verification unit, configured to verify the validity of the credential information, obtaining a state evaluating result for the terminal.
34. The equipment as claimed in claim 33, characterized by further comprising:
A response unit, configured to respond to the communication request of the terminal according to the state evaluating result obtained by the credential information verification unit.
35. A network system, characterized by comprising: a first server of a first network and a second server of a second network, wherein:
The first server is configured to provide credential information to the terminal;
The second server is configured to receive a communication request and the credential information from the terminal, and to verify the validity of the credential information, obtaining a state evaluating result for the terminal.
36. The network system as claimed in claim 35, characterized in that the second server is further configured to respond to the communication request of the terminal according to the state evaluating result.
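The credential flow of claims 30 to 36, as an added illustration that is not part of the patent text: the first network issues credential information recording its evaluation, and the second network verifies its validity before responding. The HMAC-SHA256 token format, the shared key, the expiry field and the allow/restrict/deny responses are all assumptions; the claims do not specify any of them.

```python
import base64
import hashlib
import hmac
import json

# Assumption: both networks hold this key under a roaming agreement (constructed value).
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_credential(terminal_id: str, state: str, now: int, ttl: int = 300) -> str:
    """First network: record its evaluation of the terminal in a signed credential."""
    body = json.dumps({"tid": terminal_id, "state": state, "exp": now + ttl},
                      sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_credential(token: str, terminal_id: str, now: int) -> str:
    """Second network: check validity; return the recorded state or 'invalid'."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or malformed base64
        return "invalid"
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return "invalid"
    claims = json.loads(body)
    # Bind the credential to the requesting terminal and reject stale evaluations.
    if claims["tid"] != terminal_id or now >= claims["exp"]:
        return "invalid"
    return claims["state"]


def respond(token: str, terminal_id: str, now: int) -> str:
    """Second network: respond to the communication request per the result."""
    result = verify_credential(token, terminal_id, now)
    return {"compliant": "allow", "noncompliant": "restrict"}.get(result, "deny")
```

Binding the credential to the terminal identity and to a short validity window keeps a credential issued for one terminal, or for an earlier security state, from being accepted later in the second network.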
CN200810098771.3A 2008-02-29 2008-05-28 Method for evaluating security state of terminal, network equipment and system Active CN101621380B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN200810098771.3A CN101621380B (en) 2008-02-29 2008-05-28 Method for evaluating security state of terminal, network equipment and system
CN201310095067.3A CN103260161B (en) 2008-02-29 2008-05-28 A kind of method for evaluating security state of terminal, the network equipment and system
PCT/CN2009/070458 WO2009109118A1 (en) 2008-02-29 2009-02-18 Access control method of a terminal, network equipment and system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN200810065495 2008-02-29
CN200810065495.0 2008-02-29
CN2008100654950 2008-02-29
CN200810098771.3A CN101621380B (en) 2008-02-29 2008-05-28 Method for evaluating security state of terminal, network equipment and system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201310095067.3A Division CN103260161B (en) 2008-02-29 2008-05-28 A kind of method for evaluating security state of terminal, the network equipment and system

Publications (2)

Publication Number Publication Date
CN101621380A true CN101621380A (en) 2010-01-06
CN101621380B CN101621380B (en) 2015-04-08

Family

ID=41055546

Family Applications (2)

Application Number Title Priority Date Filing Date
CN200810098771.3A Active CN101621380B (en) 2008-02-29 2008-05-28 Method for evaluating security state of terminal, network equipment and system
CN201310095067.3A Active CN103260161B (en) 2008-02-29 2008-05-28 A kind of method for evaluating security state of terminal, the network equipment and system

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201310095067.3A Active CN103260161B (en) 2008-02-29 2008-05-28 A kind of method for evaluating security state of terminal, the network equipment and system

Country Status (2)

Country Link
CN (2) CN101621380B (en)
WO (1) WO2009109118A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103209414B (en) * 2012-01-13 2016-05-11 腾讯科技(深圳)有限公司 A kind of method, device and mobile terminal of controlling web page access
CN102882923B (en) * 2012-07-25 2015-04-15 北京亿赛通科技发展有限责任公司 Secure storage system and method for mobile terminal
CN103561035A (en) * 2013-11-11 2014-02-05 中国联合网络通信集团有限公司 Mobile subscriber safety protection method and system
CN103856568B (en) * 2014-03-25 2019-03-19 努比亚技术有限公司 A kind of terminal prompting user terminal safe condition, system and implementation method
CN108052367A (en) * 2017-12-27 2018-05-18 深圳豪客互联网有限公司 The interface background color setting method and device of a kind of application program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1321049A (en) * 2000-02-09 2001-11-07 朗迅科技公司 Enhanced safety of hand-over in radio communication
CN1479553A (en) * 2002-08-29 2004-03-03 华为技术有限公司 Roam user information safety control equipment and roam user information interactive method
WO2008001338A2 (en) * 2006-06-20 2008-01-03 Alcatel Lucent Secure communication network user mobility apparatus and methods
CN101123803A (en) * 2006-08-11 2008-02-13 华为技术有限公司 A processing method for status change of mobile station in associated reaction system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100525184C (en) * 2004-05-27 2009-08-05 华为技术有限公司 Network security protecting system and method
CN100502406C (en) * 2006-01-12 2009-06-17 华为技术有限公司 Method for realizing safety interaction between mobile terminal and mobile network
CN101022647B (en) * 2006-02-15 2010-09-08 华为技术有限公司 Realizing method and device for determining safe consultation parameter in switching process
CN101094063B (en) * 2006-07-19 2011-05-11 中兴通讯股份有限公司 Security interaction method for the roam terminals to access soft switching network system
CN100496156C (en) * 2007-02-16 2009-06-03 西安西电捷通无线网络通信有限公司 A certificate roaming authentication method based on WAPI
CN101330401B (en) * 2007-06-22 2010-12-08 华为技术有限公司 Method, apparatus and system for estimating safety state
CN101521885B (en) * 2008-02-26 2012-01-11 华为技术有限公司 Authority control method, system and equipment

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102215211A (en) * 2010-04-02 2011-10-12 中兴通讯股份有限公司 Communication method, and security policy negotiation method and system for supporting trusted network connect
CN102215211B (en) * 2010-04-02 2016-01-20 中兴通讯股份有限公司 The security policy negotiation method and system of communication means, the access of support trustable network
CN103970651A (en) * 2014-04-18 2014-08-06 天津大学 Software architecture safety assessment method based on module safety attributes
CN107864677A (en) * 2015-07-22 2018-03-30 爱维士软件私人有限公司 Access to content verifies system and method
CN111885191A (en) * 2020-07-30 2020-11-03 西安电子科技大学 Computer network communication system
CN112073443A (en) * 2020-11-12 2020-12-11 飞天诚信科技股份有限公司 Method and system for accessing authentication equipment based on browser
CN112073443B (en) * 2020-11-12 2021-03-16 飞天诚信科技股份有限公司 Method and system for accessing authentication equipment based on browser

Also Published As

Publication number Publication date
CN103260161B (en) 2016-01-27
CN101621380B (en) 2015-04-08
WO2009109118A1 (en) 2009-09-11
CN103260161A (en) 2013-08-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant