CN101640614B - Method and device for configuring IPSEC security strategy - Google Patents
Method and device for configuring IPSEC security strategy Download PDFInfo
- Publication number
- CN101640614B CN101640614B CN2009101701559A CN200910170155A CN101640614B CN 101640614 B CN101640614 B CN 101640614B CN 2009101701559 A CN2009101701559 A CN 2009101701559A CN 200910170155 A CN200910170155 A CN 200910170155A CN 101640614 B CN101640614 B CN 101640614B
- Authority
- CN
- China
- Prior art keywords
- security
- security strategy
- strategy
- ipsec
- association
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention discloses a method for configuring an IPSEC security strategy, comprising the following steps: generating security associations and security strategies by utilizing a secret key which is randomly generated and correspondent node information which is predetermined; negotiating with a correspondent node based on the generated security associations and the security strategies, determining usable security associations and security strategies, and selecting and preserving adopted security associations and security strategies from the usable security associations and security strategies; and configuring an IPSEC security protocol stack by utilizing the selected security associations and security strategies. The embodiment of the invention also provides a corresponding device for configuring the IPSEC security strategy. The invention can simplify the configuration process, lower the cost, realize automatic configuration, automatic update of the IPSEC security associations and security strategies, enhance the reliability and the safety and lower the maintenance cost of a system.
Description
Technical field
The present invention relates to the communication message safety technical field, be specifically related to the method and apparatus of configuring IPSEC security strategy.
Background technology
Along with the continuous development of information-based and Internet technology and deep; Safety issue in the data transmission procedure becomes increasingly conspicuous; A the most frequently used technology that solves Network Transmission safety is IP layer protocol safeguard construction (IPsec, Security Architecture for IP network), and IPsec provides security service at the IP layer; It makes system can select security protocol as required, and decision employed algorithm of service and placement demand are served required key to the relevant position.IPsec is used for protecting between one or more main frame and main frame, the path between security gateway and security gateway, between security gateway and main frame.And set up the IPSEC secure network, a wherein most important step is the Security Association (the SecurityAssociation) and the security strategy of configuring IPSEC.Security Association has determined to be used for the life cycle etc. of IPSEC agreement, key and key of protected data bag safety, and which type of safety measure the security strategy decision adopts to data flow.The foundation of Security Association and key management adopt dual mode to realize that a kind of mode is a manual configuration, and all information all needs manual configuration, and the Security Association of configuration (if not carrying out manual modification) exists always.Another kind of mode is automatic configuration, consults like internet key exchange (IKE, Internet Key Exchange Protocol), and Security Association all is to produce through consultation, and every Security Association all has certain life cycle.The configuration of security strategy all is to use the certain ACL of manual configuration (ACL, Access Control List) rule, in conjunction with the Security Association of configuration, determines the safety measure to the data flow employing with this.Whether the configuration of Security Association and security strategy is no matter adopt ike negotiation, and Configuration Management Officer all needs to be grasped IPSEC rudimentary knowledge, and layoutprocedure is more loaded down with trivial details.
Use for small-sized secure network, be equipped with like long-range calamity, data migration etc., if adopt fire compartment wall or secure router, cost is higher, the deployment cost is bigger.A kind of solution preferably is provided in the prior art; Only need original common network interface card is replaced with the IPSEC smart card; Not only can solve the safety issue in the data transmission procedure, simultaneously original operation flow not produced any impact, the processing of IPSEC is transparent.Under this applied environment, the configuration of IPSEC still needs the user to participate in, and the user needs to be grasped the deployment that IPSEC rudimentary knowledge could be accomplished the IPSEC smart card.
The scheme of a kind of manual configuration IPSEC Security Association of the prior art and security strategy, the user confirms IPSEC Security Association and security strategy according to network environment, is configured to then on every equipment.Every Security Association and security strategy need source of configuration IP, purpose IP, source port, destination interface, SPI, security protocol, IPSEC encapsulation mode, tunnel source IP, tunnel purpose IP, key etc.If network environment changes, also need reconfigure.In this scheme, every Security Association and policy configurations are very complicated, are formulated and configuration by the network management personnel, and mistake appears in workload greatly easily, flow of personnel, and system deployment and configuration cycle are long.Be easy to cause security breaches, have potential safety hazard.
Another implementation of the prior art is to adopt ike negotiation IPSEC Security Association mode, and the IPSEC strategy adopts the manual configuration mode.The IPSEC smart card need be supported the ike negotiation function, and the user formulates IPSEC strategy and ike negotiation rule according to network environment, thereby accomplishes the configuration of entire I PSEC secure network.
Adopt ike negotiation three kinds of modes to be arranged, wildcard, certificate+digital signature, rsa encryption nonce.Key Management server and authorization identifying (CA Certification Authority) server only just needs to dispose under certificate+digital signature pattern.Adopt ike negotiation, at first consult the Security Association of IKE, consult the Security Association of IPSEC afterwards.The configuration of IPSEC security strategy still need be according to network environment by user's manual configuration.The shortcoming of this scheme is, the layoutprocedure more complicated of ike negotiation, even need to dispose Key Management server and CA server, cost is higher; If adopt the wildcard mode, the complex management of key, and have the risk of divulging a secret; The IPSEC security strategy still needs manual configuration, and the layoutprocedure of IPSEC smart card is still opaque to the user, needs the user to possess the IPSEC knowledge expertise.
Summary of the invention
The embodiment of the invention provides a kind of method and IPSEC smart card of configuring IPSEC security strategy, can realize automatic configuration, upgrade IPSEC Security Association and security strategy automatically, improves reliability and safe, reduces the system maintenance cost.
The method of a kind of configuration of IP layer protocol safeguard construction IPSEC security strategy that the embodiment of the invention provides comprises:
Utilize the key and the predetermined correspondent node information that produce at random to generate first Security Association and first security strategy;
Hold consultation based on first Security Association of said generation and first security strategy and peer node, confirm available Security Association and security strategy, and from said available Security Association and security strategy, select the Security Association and security strategy and preservation that adopt;
Utilize the Security Association and the security strategy of said selection that the IPSEC security stack of protocols is configured.
A kind of IPSEC security strategy inking device that the embodiment of the invention provides comprises:
Security Association and security strategy generation module utilize the key and the pre-configured correspondent node information that produce at random to generate first Security Association and first security strategy;
Select module, hold consultation with peer node, confirm available Security Association and security strategy, the Security Association and the security strategy of selection employing from said available Security Association and security strategy based on first Security Association that is generated and first security strategy;
Memory module is used to preserve Security Association and the security strategy that said selection module is confirmed employing;
Configuration module is used for confirming that according to said selection module the Security Association and the security strategy that adopt are configured the IPSEC security stack of protocols.
In sum, the IPSEC Security Association that the embodiment of the invention provides and the allocation plan of security strategy utilize the key and the predetermined correspondent node information that produce at random to generate Security Association and security strategy; Hold consultation based on the Security Association that is generated and security strategy and peer node, confirm available Security Association and security strategy.Greatly simplify layoutprocedure, the user only needs the peer node of configuration communication, reduces the technical ability requirement to the user, quickens layoutprocedure.Layoutprocedure is independently accomplished by the IPSEC smart card, does not need the extras support, reduces the system deployment cost.The IPSEC smart card not only on the function and also configuration go up transparently fully to operation system, reduce overhead and management cost, significantly improve the secondary system development rate.Can realize automatic configuration according to the present invention, upgrade IPSEC Security Association and security strategy automatically, improve reliability and safe, reduce the system maintenance cost.
Description of drawings
In order to be illustrated more clearly in the technical scheme in the embodiment of the invention; The accompanying drawing of required use is done to introduce simply in will describing embodiment below; Obviously, the accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
The configuring IPSEC Security Association that Fig. 1 provides for the embodiment of the invention one and the method flow diagram of security strategy;
The configuring IPSEC Security Association that Fig. 2 provides for the embodiment of the invention two and the method flow diagram of security strategy;
Fig. 3 is the negotiation flow chart of Security Association and security strategy in the embodiment of the invention two;
A kind of IPSEC security strategy inking device configuration diagram that Fig. 4 provides for the embodiment of the invention;
Select the formation sketch map of module in the IPSEC security strategy inking device that Fig. 5 provides for the embodiment of the invention;
The another kind of formation sketch map of selecting module in the IPSEC security strategy inking device that Fig. 6 provides for the embodiment of the invention.
Embodiment
To combine the accompanying drawing in the embodiment of the invention below, the technical scheme in the embodiment of the invention is carried out clear, intactly description, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making the every other embodiment that is obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.
In the IPSEC application of IC cards, under the clear and definite situation of internodal communication, need not dispose fuzzy Data Stream Processing strategy, the communication of IPSEC intermediate node is point-to-point.Based on the definite situation of this peer node; The method of the configuring IPSEC security strategy that the embodiment of the invention provides and IPSEC smart card; The Security Association of IPSEC and the configuration of security strategy are simplified; Automatically disposed by the IPSEC smart card, the user only needs the peer node of configuration communication, and transparent fully about the configuration detail of IPSEC.
Embodiment one
With reference to Fig. 1, the method for a kind of configuring IPSEC security strategy that the embodiment of the invention provides comprises:
S01 utilizes the key and the predetermined correspondent node information that produce at random to generate first Security Association and first security strategy;
With the peer node of this node communication can be pre-configured according to actual network environment by the user.
S02; Hold consultation based on first Security Association of said generation and first security strategy and peer node; Confirm available Security Association and security strategy, and from said available Security Association and security strategy, select and peer node between the Security Association and security strategy and preservation that adopt;
S03 utilizes selected Security Association and security strategy that the IPSEC security stack of protocols is configured.
The allocation plan that the embodiment of the invention provides utilizes the key and the predetermined correspondent node information that produce at random to generate Security Association and security strategy; And consult with peer node, confirm the Security Association and the security strategy that adopt.Layoutprocedure is independently accomplished by the IPSEC smart card, greatly simplifies layoutprocedure, reduces the technical ability requirement to the user, quickens layoutprocedure.Can realize automatic configuration according to the present invention, upgrade IPSEC Security Association and security strategy automatically, improve reliability and safe, reduce the system maintenance cost.
Embodiment two
With reference to Fig. 2, a kind of configuring IPSEC Security Association that the embodiment of the invention provides and the method for security strategy comprise:
S201 utilizes the key and the predetermined correspondent node information that produce at random to generate first Security Association and first security strategy;
For configuring IPSEC Security Association and security strategy, the user need be pre-configured according to actual network environment and the peer node of this node communication.
S202 holds consultation based on first Security Association that is generated and first security strategy and peer node, confirms available Security Association and security strategy;
At first, search and judge whether to receive negotiation packet from peer node.If receive, second Security Association that then will carry from the negotiation packet of peer node and second security strategy and first Security Association and first security strategy are compared; Confirm available Security Association and security strategy according to comparison result.Further, when Security Association that selection is adopted and security strategy, can obtain the IPSEC smart card ID of local terminal and opposite end, can from available Security Association and security strategy, select Security Association and security strategy to be configured according to the IPSEC smart card ID.Particularly; The IPSEC smart card ID value of local terminal and the IPSEC smart card ID value from the negotiation packet of peer node that is received are compared; Select ID value bigger Security Association and the security strategy of confirming final employing, and Security Association and security strategy are saved in the Security Association and security strategy table of configuration.If do not receive negotiation packet, then first Security Association that is generated and first security strategy are sent to peer node, and this first Security Association and first security strategy are saved in the Security Association and security strategy table of transmission from peer node.
With reference to Fig. 3, the process that local terminal and peer node are held consultation comprises:
A1) obtain the IPSEC smart card ID of local terminal; Utilize public key that said first Security Association and first security strategy are encrypted, the line data of going forward side by side is sealed dress, obtains first negotiation packet;
A2) IPSEC smart card ID and this first negotiation packet with local terminal sends to peer node.
A3) with said first Security Association and the first security strategy encrypting storing in Security Association that has sent and security strategy table.
B) receive second negotiation packet of peer node transmission and the IPSEC smart card ID of opposite end, this message comprises second Security Association and second security strategy that peer node generates; And second Security Association that carries in the second received negotiation packet and second security strategy be saved in the Security Association and security strategy table of reception.
C) obtain said second Security Association and second security strategy, and said second Security Association and second security strategy and said first Security Association and first security strategy are compared; Confirm available Security Association and security strategy according to comparison result.
S203, Security Association that adopts between selection and the peer node and security strategy are also preserved;
Obtain the IPSEC smart card ID of local terminal and opposite end, according to the IPSEC smart card ID from available Security Association and security strategy, select and peer node between the Security Association and the security strategy that adopt.
For example; The IPSEC smart card ID value of local terminal and the IPSEC smart card ID value of negotiation packet are compared; By the bigger IPSEC smart card of ID value corresponding Security Association and final Security Association and the security strategy that adopts of security strategy conduct; And Security Association and security strategy be saved in the Security Association and security strategy table of configuration, supply subsequent configuration to use.
S204 utilizes the Security Association and the security strategy of being preserved that the IPSEC security stack of protocols is configured.
From Security Association and the security strategy table of configuration, obtain Security Association and security strategy, and the IPSEC protocol stack is configured, thus the automatic configuration of completion IPSEC Security Association and security strategy.
S205, the Security Association and the security strategy of preserving are upgraded.
The transmission of timing scan Security Association and security strategy, reception, allocation list; For Security Association that has sent and security strategy table; If life cycle finishes; Then duplicate again and generate Security Association and security strategy, and the negotiation packet of alliance safe to carry and security strategy is sent to peer node, once more negotiating about security alliance and security strategy.For the Security Association and the security strategy table that receive,, then directly dispose if life cycle finishes.Security Association and security strategy table for configuration then regenerate, and dispose original Security Association and security strategy again, and call Security Association and security strategy transmitter, negotiating about security alliance and security strategy again.
With reference to Fig. 4, a kind of IPSEC security strategy inking device 400 that the embodiment of the invention provides can be described as the IPSEC smart card, comprising:
Security Association and security strategy generation module 410 utilize the key and the pre-configured correspondent node information that produce at random to generate first Security Association and first security strategy;
Select module 420; Hold consultation based on first Security Association that is generated and first security strategy and peer node; Confirm available Security Association and security strategy, from said available Security Association and security strategy, select the Security Association and the security strategy that adopt;
Particularly, can according to the IPSEC smart card ID from available Security Association and security strategy, select and peer node between the Security Association and the security strategy that adopt.
For example; The IPSEC smart card ID value of local terminal and the IPSEC smart card ID value of negotiation packet are compared; By ID value bigger Security Association and the security strategy of confirming final employing; And Security Association and security strategy be saved in the Security Association and security strategy table of configuration, supply subsequent configuration to use.
Memory module 430 is used to preserve Security Association and the security strategy that said selection module is confirmed employing;
Be used to preserve and select the Security Association and the security strategy that adopt between that confirm and the peer node of module 420 and the Security Association and security strategy table, the Security Association of transmission and the Security Association and the security strategy table of security strategy table and configuration that receive.
Configuration module 440 is used for confirming that according to said selection module the Security Association and the security strategy that adopt are configured the IPSEC security stack of protocols.
Particularly, can the IPSEC security stack of protocols be configured from Security Association and the security strategy that memory module 440 is obtained employing.
As shown in Figure 5, a kind of selection module 420 that the embodiment of the invention provides specifically can comprise:
Receiving element 421 is used to receive second negotiation packet that peer node sends, and said second negotiation packet comprises second Security Association and second security strategy that peer node generates;
Receive second negotiation packet that carries second Security Association and second security strategy that peer node sends; Obtain second Security Association and second security strategy; And second Security Association that is obtained and second security strategy be saved in the Security Association and security strategy table of reception.
Comparing unit 422 is used for said second Security Association and second security strategy and said first Security Association and first security strategy are compared, and obtains comparison result, to confirm available Security Association and security strategy.
As shown in Figure 6, a kind of selection module 420 that the embodiment of the invention provides can comprise:
Acquiring unit 423 is used to obtain the IPSEC smart card ID of local terminal;
Transmitting element 425 is used for the IPSEC smart card ID and first negotiation packet of local terminal are sent to peer node, to confirm available Security Association and security strategy.
Transmitting element 424 is taking-up first Security Association and first security strategy to be sent from the Security Association that sends and security strategy table; Obtain local IPSEC smart card ID again; After utilizing public secret key encryption; Encapsulate and obtain first negotiation packet, and put into the negotiation packet formation, then first negotiation packet is sent.And first Security Association that will send and first security strategy are saved in the Security Association and security strategy table of transmission.
Security strategy inking device 400 also comprises:
Update module 450, the Security Association and the security strategy that are used for said memory module is preserved are upgraded.
Transmission, reception, the allocation list of update module 450 timing scan Security Associations and security strategy; For Security Association that has sent and security strategy table; If life cycle finishes; Then duplicate again and generate Security Association and security strategy, and the negotiation packet of alliance safe to carry and security strategy is sent to peer node, once more negotiating about security alliance and security strategy.For the Security Association and the security strategy table that receive,, then directly dispose if life cycle finishes.Security Association and security strategy table for configuration then regenerate, and dispose original Security Association and security strategy again, and call Security Association and security strategy transmitter, negotiating about security alliance and security strategy again.
In sum, the IPSEC Security Association that the embodiment of the invention provides and the allocation plan of security strategy utilize the key and the predetermined correspondent node information that produce at random to generate Security Association and security strategy; Hold consultation based on the Security Association that is generated and security strategy and peer node, confirm available Security Association and security strategy.Greatly simplify layoutprocedure, the user only needs the peer node of configuration communication, reduces the technical ability requirement to the user, quickens layoutprocedure.Layoutprocedure is independently accomplished by the IPSEC smart card, does not need the extras support, reduces the system deployment cost.The IPSEC smart card not only on the function and also configuration go up transparently fully to operation system, reduce overhead and management cost, significantly improve the secondary system development rate.Can realize automatic configuration according to the present invention, upgrade IPSEC Security Association and security strategy automatically, improve reliability and safe, reduce the system maintenance cost.
Obviously, it is apparent to those skilled in the art that above-mentioned each unit of the present invention or each step can realize with the general calculation device; They can concentrate on the single calculation element; Perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element; Thereby; Can they be stored in the storage device and carry out, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of unit in them or step are made into the single integrated circuit module and realize by calculation element.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention.All any modifications of within spirit of the present invention and principle, being done, be equal to replacement, improvement etc., all be included in protection scope of the present invention.
Claims (9)
1. the method for a configuration of IP layer protocol safeguard construction IPSEC security strategy is characterized in that, comprising:
Utilize the key and the predetermined correspondent node information that produce at random to generate first Security Association and first security strategy;
Hold consultation based on first Security Association of said generation and first security strategy and peer node, confirm available Security Association and security strategy, and from said available Security Association and security strategy, select the Security Association and security strategy and preservation that adopt;
Utilize the Security Association and the security strategy of said selection that the IPSEC security stack of protocols is configured.
2. the method for configuring IPSEC security strategy as claimed in claim 1 is characterized in that, said process of holding consultation with peer node comprises:
Receive second negotiation packet that peer node sends, said second negotiation packet comprises second Security Association and second security strategy that peer node generates;
Said second Security Association and second security strategy and said first Security Association and first security strategy are compared, obtain comparison result, to confirm available Security Association and security strategy.
3. the method for configuring IPSEC security strategy as claimed in claim 1 is characterized in that, said process of holding consultation with peer node comprises:
Obtain the IPSEC smart card ID of local terminal;
Utilize public key that said first Security Association and first security strategy are encrypted, the line data of going forward side by side is sealed dress, obtains first negotiation packet;
The IPSEC smart card ID and said first negotiation packet of local terminal are sent to peer node, to confirm available Security Association and security strategy.
4. the method for configuring IPSEC security strategy as claimed in claim 1 is characterized in that, Security Association and security strategy that said selection is adopted comprise:
Obtain the IPSEC smart card ID of local terminal and opposite end, from said available Security Association and security strategy, select the Security Association and the security strategy that adopt according to the said IPSEC smart card ID of obtaining.
5. the method for configuring IPSEC security strategy as claimed in claim 1 is characterized in that, also comprises:
Security Association and security strategy to preserving are upgraded.
6. an IPSEC security strategy inking device is characterized in that, comprising:
Security Association and security strategy generation module utilize the key and the pre-configured correspondent node information that produce at random to generate first Security Association and first security strategy;
Select module, hold consultation with peer node, confirm available Security Association and security strategy, the Security Association and the security strategy of selection employing from said available Security Association and security strategy based on first Security Association that is generated and first security strategy;
Memory module is used to preserve Security Association and the security strategy that said selection module is confirmed employing;
Configuration module is used for confirming that according to said selection module the Security Association and the security strategy that adopt are configured the IPSEC security stack of protocols.
7. security strategy inking device as claimed in claim 6 is characterized in that, said selection module comprises:
Receiving element is used to receive second negotiation packet that peer node sends, and said second negotiation packet comprises second Security Association and second security strategy that peer node generates;
Comparing unit is used for said second Security Association and second security strategy and said first Security Association and first security strategy are compared, and obtains comparison result, to confirm available Security Association and security strategy.
8. security strategy inking device as claimed in claim 6 is characterized in that, said selection module comprises:
Acquiring unit is used to obtain the IPSEC smart card ID of local terminal;
Ciphering unit is used to utilize public key that said first Security Association and first security strategy are encrypted, and encapsulates and obtain first negotiation packet;
Transmitting element is used for the IPSEC smart card ID and said first negotiation packet of local terminal are sent to peer node, to confirm available Security Association and security strategy.
9. like each described security strategy inking device in the claim 6 to 8, it is characterized in that, also comprise:
Update module, the Security Association and the security strategy that are used for said memory module is preserved are upgraded.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101701559A CN101640614B (en) | 2009-09-03 | 2009-09-03 | Method and device for configuring IPSEC security strategy |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101701559A CN101640614B (en) | 2009-09-03 | 2009-09-03 | Method and device for configuring IPSEC security strategy |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101640614A CN101640614A (en) | 2010-02-03 |
| CN101640614B true CN101640614B (en) | 2012-01-04 |
Family
ID=41615420
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009101701559A Active CN101640614B (en) | 2009-09-03 | 2009-09-03 | Method and device for configuring IPSEC security strategy |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101640614B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102970293B (en) * | 2012-11-20 | 2016-05-04 | 杭州华三通信技术有限公司 | A kind of equipment room Security Association synchronous method and device |
| CN105763318B (en) * | 2016-01-29 | 2018-09-04 | 新华三技术有限公司 | A kind of wildcard obtains, distribution method and device |
| CN108989342B (en) * | 2018-08-23 | 2021-02-05 | 新华三信息安全技术有限公司 | Data transmission method and device |
| CN112840615B (en) * | 2018-10-19 | 2023-07-11 | 上海诺基亚贝尔股份有限公司 | Method and apparatus for policy management |
| CN111614691B (en) * | 2020-05-28 | 2021-06-22 | 广东纬德信息科技股份有限公司 | Outbound message processing method and device based on power gateway |
| CN112738114B (en) * | 2020-12-31 | 2023-04-07 | 四川新网银行股份有限公司 | Configuration method of network security policy |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101238669A (en) * | 2005-07-15 | 2008-08-06 | 微软公司 | Automatically generating rules for connection security |
| CN101309273A (en) * | 2008-07-16 | 2008-11-19 | 杭州华三通信技术有限公司 | Method and device for generating safety alliance |
-
2009
- 2009-09-03 CN CN2009101701559A patent/CN101640614B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101238669A (en) * | 2005-07-15 | 2008-08-06 | 微软公司 | Automatically generating rules for connection security |
| CN101309273A (en) * | 2008-07-16 | 2008-11-19 | 杭州华三通信技术有限公司 | Method and device for generating safety alliance |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101640614A (en) | 2010-02-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107306214B (en) | Method, system and related equipment for connecting terminal with virtual private network | |
| CN103067158B (en) | Encrypting and decrypting method, encrypting and decrypting device and key management system | |
| US6115376A (en) | Medium access control address authentication | |
| US8417218B2 (en) | SIM based authentication | |
| JP4442795B2 (en) | Portable device to protect packet traffic on host platform | |
| US20020032853A1 (en) | Secure dynamic link allocation system for mobile data communication | |
| CN110535653A (en) | A kind of safe distribution terminal and its means of communication | |
| CN101640614B (en) | Method and device for configuring IPSEC security strategy | |
| ES2263264T3 (en) | PROCEDURE AND SYSTEM FOR THE PROCESSING OF MESSAGES IN A TELECOMMUNICATIONS SYSTEM. | |
| CN109088870A (en) | A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform | |
| CN104660567B (en) | D2D terminal access authentications method, D2D terminals and server | |
| RU2011144921A (en) | METHOD FOR RECEIVING ACCESS CONTROL CLIENT, METHOD FOR MODIFICATION OF THE OPERATION SYSTEM OF THE DEVICE, WIRELESS DEVICE AND NETWORK DEVICE | |
| EP3482549A1 (en) | Method and system for dual-network authentication of a communication device communicating with a server | |
| CN1941695B (en) | Method and system for generating and distributing key during initial access network process | |
| CN115567210A (en) | Method and system for realizing zero trust access by quantum key distribution | |
| CN110650009B (en) | Mobile network and communication method | |
| CN101212753A (en) | Safety protection method for data stream | |
| CN109151823B (en) | eSIM card authentication method and system | |
| CN109756336A (en) | A kind of authentication method, V2X computing system and V2X calculate node | |
| CN111901301B (en) | Security protection method based on network multimedia equipment data transmission | |
| CN102547702B (en) | User authentication method, system and password processing device | |
| WO2015108453A1 (en) | System, methods and apparatuses for providing network access security control | |
| CN108616877B (en) | Communication method, system and equipment of small base station | |
| CN112953725B (en) | Method and device for determining private key of equipment, storage medium and electronic device | |
| CN105743859B (en) | A kind of method, apparatus and system of light application certification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD. Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee after: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd. Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee before: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220829 Address after: No. 1899 Xiyuan Avenue, high tech Zone (West District), Chengdu, Sichuan 610041 Patentee after: Chengdu Huawei Technologies Co.,Ltd. Address before: 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China Patentee before: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd. |