CN101771619A - Network system for realizing integrated security services - Google Patents

Network system for realizing integrated security services

Publication number: CN101771619A
Authority: CN (China)
Prior art keywords: network, service, control, qos, business
Legal status: Granted
Application number: CN201010125028A
Other languages: Chinese (zh)
Other versions: CN101771619B (en)
Inventors: 王文胜, 周俊, 王强
Current assignee: CETC 30 Research Institute
Original assignee: CETC 30 Research Institute
Abstract

The invention discloses a network system for realizing integrated security services, which comprises classification and separation of data transmission, security and confidentiality and QoS (quality of service) guarantees for application services, integrated security protection of the network system, and network management. The network system has the advantage of an integrated design of data transmission, security protection and application services, and thereby constructs a highly efficient, secure network platform with QoS guarantees that can carry various types of services. Integrated network security applies security protection measures in every aspect of network communication and makes them cooperate with and support each other, guaranteeing both security and communication efficiency; integrated network services support voice, video, data and other services and guarantee the security and QoS of each type of service.

Description

Network system for realizing integrated security services
Technical field
The present invention relates to a network system for realizing integrated security services.
Background art
With the continuous development of the information society, people's communication requirements have evolved from single voice or data communication to interactive multimedia communication, and network systems have evolved from separate systems per service toward an integrated network that uniformly carries voice, video and data services. In recent years IP technology has developed rapidly, and building integrated networks with IP technology at the core has become the consensus of the industry. However, problems such as the security and QoS of general-purpose IP networks have restricted the rapid development of integrated networks.
IP networks have the following security problems. The original intention of the IP protocol design was to follow the principles of openness and equality; little consideration was given to network security, so many potential security hazards exist in the existing IP protocol architecture. These security problems stem mainly from the design, management, planning and application of IP technology. As far as IP technology itself is concerned, the following points affect network security: 1) The network treats the management information, control signaling and service data it carries equally and has no clear user-network interface, so these three kinds of traffic affect each other. The normal operation of the network is easily affected and interfered with by user behaviour, and may even be controlled by users.
2) User IP addresses and network IP addresses are not distinguished. Any user terminal can send IP packets directly to any device in the network, making it possible for user terminals to attack network equipment.
3) Users access the network freely and there is no effective source address check. A user terminal can launch flooding or spoofing attacks against the network by forging its source address, and such attacks cannot be traced.
4) User services lack control and cannot be supervised, leading to uncontrolled illegal use and abuse.
5) IP packets are transmitted in plaintext, so information is easily eavesdropped, tampered with or forged; the IP header carries complete source and destination address information, which is easily exploited and analysed illegitimately.
In traditional IP networks, various kinds of security and confidentiality equipment are generally stacked to improve network and service security: security equipment such as network isolation devices, firewalls, authentication services, intrusion detection and vulnerability scanners, and confidentiality (encryption) equipment at the link, network and application layers. A security protection system built by stacking in this way improves network and service security to a certain extent, but it also has the following problems. Network performance is limited: stacked security equipment generates additional transmission and management overhead in the network, occupies part of the bandwidth, increases the forwarding delay of service data and has a considerable impact on communication performance; moreover, compared with network switching equipment, the packet forwarding rate of security equipment is generally lower and it lacks a corresponding queue scheduling mechanism, so the switching and forwarding performance of the network cannot be fully exploited, communication bottlenecks arise easily, and the QoS of services is difficult to guarantee.
Devices have difficulty working in coordination: each security device works alone in the network, providing its security function at a different layer. Because an integrated security architecture is lacking, security gaps form between devices. For example, physical-layer and link-layer security measures (such as single-channel encryptors) cannot solve the problem of network-layer address spoofing; network-layer measures (such as firewalls) cannot identify and filter malicious application-layer data; and application-layer measures are powerless against attacks on the underlying infrastructure. Network switching equipment and security equipment also lack the necessary contact with each other, interfere with each other and cannot work in coordination. The interconnection interfaces over external cables leave further security gaps, bringing hidden dangers to network security.
Security protection is incomplete: the security measures or policies of the various devices differ in their functional positioning, and their completeness and complexity vary. On the one hand some security functions overlap, reducing communication efficiency; on the other hand the security policies of the devices are hard to keep consistent, and mutually exclusive or omitted policies easily cause abnormal network services or security vulnerabilities. Under the traditional IP protocol system, security measures are difficult to integrate effectively into every layer of the network, and the whole process of service communication cannot be monitored for security. In addition, devices communicate with each other using general-purpose network protocols whose inherent security problems remain, so their own security protection capability is weak.
Device categories are numerous, deployment and management methods differ, and network operation and maintenance are difficult: security equipment of many varieties and differing functions not only reduces the reliability of network operation but also consumes a large amount of funds. Security equipment must be configured and planned according to the application environment; the configuration, state management, key management and key distribution of the various devices are each handled separately; policy configuration and operation and maintenance are very complicated; and network planning and maintenance personnel are required to have high professional skills. Faced with the continuous expansion of application services and endlessly emerging security threats, policies must be continuously revised or devices upgraded, which restricts the sustainable development and functional expansion of the network.
The NGN/IMS architecture can provide multi-service applications and convenient, flexible application extension, and has become the basis of fixed-mobile convergence. The horizontal architecture adopted by NGN/IMS completely separates service, control and bearer, has characteristics such as centralized user attributes and access independence, supports user mobility, and provides a flexible and open standard service interface for IP multimedia services. However, the following problems in this architecture still remain to be solved: 1) The QoS problem of the bearer layer. As for IP QoS technology itself, the IntServ and DiffServ service models provide technical support for QoS at different levels, and the development and application of MPLS offer an effective way to solve the IP QoS problem thoroughly. Yet IP networks are still based on data services; because of their large scale, differing systems and inconsistent standards, the various QoS technologies are difficult to implement effectively in IP networks and cannot deliver their designed performance, so real-time services such as voice and video still do not obtain satisfactory QoS. In addition, the NGN control layer lacks the necessary unified control over the bearer layer, so different bearers provide inconsistent QoS for services.
2) Security problems. NGN mainly uses IP networks as its bearer network, so the inherent security problems of IP networks remain, and the security of the control layer in particular has a large influence on communication services. The security measures in the current NGN architecture are far from sufficient, and control-layer security must be solved at the system level.
3) End-to-end connection problems. The convergence of multiple services means that different kinds of terminals are connected to the network. Because terminals are identified differently in the network (telephone terminals use telephone numbers, other terminals use IP addresses, and some terminals even use user numbers as identifiers), how to establish sessions and achieve interconnection between different terminals is the first problem to solve. NAT at the edge between the user network and the public network, and user mobility, make end-to-end connection even more complicated. Therefore a unified session connection control mechanism is needed to achieve end-to-end connections, and a unified conversion mechanism is needed to map terminal identifiers to network addresses and so complete routing and addressing.
4) Network interconnection and interworking problems. Since NGN technology is still developing, the protocols themselves need to be continuously improved and supplemented according to service demand. Protocols with identical or similar functions have not yet been unified, and compatibility problems between protocols leave network interconnection and interworking defective.
5) Network and service management problems. As services and user volumes increase, network management becomes increasingly complex; besides performance, configuration, fault and accounting management, unified management mechanisms for network security and QoS are also required, and management of user service bandwidth, service QoS, service functions and service security levels needs strengthening.
Summary of the invention
In order to overcome the above shortcomings of the prior art, the present invention provides a network system for realizing integrated security services which, through the integrated design of network security and network services, builds a network platform with guaranteed security and QoS that can carry multiple services.
The technical scheme of the present invention is a network system for realizing integrated security services that comprises an information classification isolation system, an integrated service system, a quality of service guarantee system, a comprehensive security protection system and an integrated network management system.
The information classification isolation system provides independent routing and switching for the various kinds of information in the network. Service data, signaling messages and network management information are classified and processed separately at every stage (user access, routing and switching, relay transmission, QoS, and security), so that service, control and management information are isolated by class throughout the network. Each class of isolated information has its own bandwidth resources and its own routing, switching and QoS protection measures, and there are relatively independent transmission channels between terminals and switching nodes and between switching nodes.
The integrated service system adopts a secure session connection protocol and implements service admission control, service transmission channel establishment control, address relationship mapping, key distribution bearing, QoS admission control and security protection functions.
The quality of service guarantee system provides connection-oriented end-to-end service; applies differentiated services to the data of the service, control and management layers; polices the data flows in the network; dynamically finds the optimal path satisfying QoS requirements by QoS routing, realizing traffic engineering; and admits service session connections through QoS admission control.
The comprehensive security protection system comprises information classification isolation, network boundary protection, application service access control and data encryption protection. Information classification isolation means that the attributes of the network's user ports, trunk ports and management ports are distinguished: a user terminal accesses the network from a user port; its signaling messages and management information can only be forwarded to the connection controller and OAM agent of the access node, and its service data can only be switched and forwarded in the service layer; the network switching equipment routes and switches service, control and management data independently, and the trunks carry separate transmission channels for service, control and management data that do not interfere with each other. Network boundary protection means that the legitimacy of a user terminal's access is authenticated by the user security access protocol, and the transmission link for user service data is set up in real time under the connection control of the control layer and torn down when the service ends. Application service access control means that during session connection the connection control of the control layer verifies the authenticity of the signaling and establishes an end-to-end transmission channel for service data under session connection control.
The integrated network management system adopts hierarchical, step-by-step aggregated, centrally controlled management to realize partitioned distributed management.
Compared with the prior art, the positive effect of the present invention is that it builds a secure, trusted network platform for diversified services through the integrated design of network security and network services.
Integrated network security means integrating security measures into every layer of network communication so that they cooperate with and support one another, guaranteeing both security and communication efficiency. It is mainly embodied in the following. Classification isolation of information isolates service, control and management information from one another, each with independent routing and switching, transmission bandwidth, QoS guarantee and security measures in the network, effectively guaranteeing the security of the network system itself. Secure user access authenticates terminal equipment at access, performs address conversion and applies integrity and anti-replay protection to service data, effectively improving the security protection capability of the network boundary. Secure node interconnection authenticates the legitimacy of interconnected nodes and applies integrity and anti-replay protection to data between nodes, effectively preventing illegal nodes from accessing the network. Service access control authenticates user identity and authority and controls service session connections, service types and traffic at the network entrance, effectively preventing illegal data from entering the network.
Integrated network services support voice, video, data and other services and guarantee the QoS of each kind of service. Under unified service session control the network provides three kinds of bearer service: connection-oriented service with QoS guarantee, suitable for real-time services; connection-oriented service without QoS guarantee, suitable for services such as instant messaging and P2P; and best-effort service, suitable for ordinary data services. Through information classification isolation the network provides relatively independent network environments for the various kinds of services, which are isolated from each other, with QoS guarantees matched to the characteristics of each kind of data. Service session control assigns the address mapping relations and, together with network routing and switching, achieves address separation, which on the one hand improves network and service security and on the other hand supports applications such as mobility and multicast.
Embodiment
All features disclosed in this specification, and all steps in any method or process disclosed, may be combined in any way except for mutually exclusive features and/or steps.
Any feature disclosed in this specification (including any appended claims, abstract and drawings) may, unless specifically stated otherwise, be replaced by other equivalent or alternative features serving a similar purpose. That is, unless specifically stated otherwise, each feature is only one example of a series of equivalent or similar features.
An integrated network security service system should satisfy users' demands for application services and for security and confidentiality, guarantee the service quality of communication services, and guarantee the security of the network system. It comprises five basic technical systems: the classification isolation network, integrated service, quality of service guarantee, comprehensive security protection and integrated network management. The classification isolation network technical system provides relatively independent routing, switching and transmission services for service, control and management information; the integrated service technical system realizes service session connection control, provides multiple application services and has the capability to extend application services; the quality of service guarantee system provides excellent communication quality assurance for real-time services such as voice and video through the integrated use of multiple measures, improving the service performance of the whole system; the comprehensive security protection technical system is integrated into every layer of service, network and management, with all security measures interrelated and coordinated, guaranteeing the security of services and of the network; and the integrated network management technical system is responsible for comprehensive, unified and effective management of the network, equipment and services.
1) The classification isolation network technical system combines the technical advantages of IP and MPLS to realize large-capacity, high-bandwidth packet routing and switching in support of integrated voice, video and data services. At the same time, to guarantee network security and service quality, the system classifies and processes service data, signaling messages and network management information separately at every stage (user access, routing and switching, relay transmission, QoS, and security), isolating service, control and management information by class throughout the network. Each class has independent bandwidth resources and independent routing, switching and QoS protection in the network; there are independent transmission channels between terminals and switching nodes and between switching nodes, so each kind of data takes its own path and does not interfere with the others. To build relatively independent network environments for different service systems, the service layer on the unified network platform can be further divided into several service sub-layers, forming several mutually independent subnets of different scales and topologies. Application services in different subnets can be completely independent and unaffected by each other, or can interwork under controlled conditions. For example, a real-time service subnet carries real-time services such as voice and video; data service subnet A carries point-to-point computer communication services; data service subnet B carries web browsing services; and so on. The system establishes an independent transmission channel for each subnet, assigns it independent address and bandwidth resources, and performs independent routing, switching and QoS guarantee for it.
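The following model is an added illustration (not the patent's own code) of the classification isolation described above and of the user-port forwarding rules stated in the summary of the invention: an access node classifies each packet as service, signaling or management, confines user-port traffic to the destinations its class may reach, and polices each class with its own independent bandwidth budget, so a flood in one class cannot starve another. The port roles, channel names, destination labels and per-channel budgets are constructed assumptions.

```python
"""Access-node model of information classification isolation (added illustration,
not the patent's own code). Port roles, channel names, destination labels and
the per-channel budgets are constructed assumptions."""
from dataclasses import dataclass
from enum import Enum


class Port(Enum):
    USER = "user port"
    TRUNK = "trunk port"
    MGMT = "management port"


class Channel(Enum):
    SERVICE = "service data"
    CONTROL = "signaling"
    MANAGEMENT = "network management"


@dataclass(frozen=True)
class Packet:
    ingress: Port
    channel: Channel   # class assigned on ingress
    dst: str           # "conn-controller", "oam-agent", "service-layer" or a device name


# Destinations reachable from a user port, per class: signaling only reaches the access
# node's connection controller, management only its OAM agent, service data only the
# service layer. Anything else (e.g. a core switch) is unreachable from a user port.
USER_PORT_ALLOWED = {
    Channel.CONTROL: {"conn-controller"},
    Channel.MANAGEMENT: {"oam-agent"},
    Channel.SERVICE: {"service-layer"},
}


class TokenBucket:
    """Independent bandwidth budget for one isolated channel (units are abstract)."""

    def __init__(self, rate_per_tick, burst):
        self.rate, self.burst, self.tokens = rate_per_tick, burst, burst

    def tick(self):
        self.tokens = min(self.burst, self.tokens + self.rate)

    def take(self, size):
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False


class AccessNode:
    def __init__(self, budgets):
        # budgets: Channel -> (rate_per_tick, burst); each channel polices its own traffic.
        self.buckets = {ch: TokenBucket(*budgets[ch]) for ch in Channel}
        self.dropped = []   # (reason, packet), kept for audit

    def tick(self):
        for bucket in self.buckets.values():
            bucket.tick()

    def forward(self, pkt, size=1):
        """Return (channel, dst) for a forwarded packet, or None when it is dropped."""
        if pkt.ingress is Port.USER and pkt.dst not in USER_PORT_ALLOWED[pkt.channel]:
            self.dropped.append(("isolation", pkt))
            return None
        if pkt.ingress is Port.MGMT and pkt.channel is not Channel.MANAGEMENT:
            self.dropped.append(("isolation", pkt))   # management port carries management only
            return None
        if not self.buckets[pkt.channel].take(size):
            self.dropped.append(("policing", pkt))    # excess stays confined to its own channel
            return None
        return (pkt.channel, pkt.dst)
```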
2) The integrated service technical system refers to the NGN architecture model and follows the design philosophy of separating service, control and bearer, providing integrated voice, video and data service capabilities and supporting mobile access and multicast services. The control layer mainly performs session connection control, realizing basic call and session connection functions; the service layer mainly provides service, authentication, policy and database services; the access sub-layer of the transport layer mainly realizes access for broadband users such as multimedia terminals, local area networks, broadband dial-up and broadband wireless, as well as access for telephone and mobile networks; and the bearer sub-layer of the transport layer provides independent bearer services for signaling and service traffic. The integrated service technical system makes services independent of the network, creating an environment in which new services can be provided quickly, flexibly and effectively in future.
Connection control is the core function of the integrated service system and mainly performs the following functions. Session connection control: performs the basic and enhanced session connection procedures.
Number or address resolution: parses the telephone number or other address information called by the user, performs route analysis, and looks up the called node or redirects according to the number.
Interworking: converts the signaling or protocols of existing networks and controls their procedures through a signaling gateway (SGW).
Media gateway control: controls media gateways, including link state, timeslot resources and sub-connection functions, and controls the user signaling and service transmission and reception of terminals that access through media gateways.
Protocol (signaling) adaptation: adapts and transports existing network protocols.
Service management: records service conditions, including user numbers or addresses, call time and failure causes, and provides the relevant service management data to the network management system.
The integrated network security service framework performs unified session connection control for all kinds of services. In packet networks, call control is generally realized with SIP. SIP is simple and flexible, highly extensible, supports terminal detection, online detection, mobility and multicast, has been designated as the control protocol of third-generation networks, and is very widely used. To realize integrated network security and network services, the system draws on the basic design philosophy and procedures of SIP, optimizes and supplements SIP according to the requirements of the extended control-layer functions, and incorporates security design, forming a dedicated secure session connection protocol (abbreviated SCLP). Its content comprises: (1) Service admission control: session control authenticates the legitimacy of both communicating parties and controls the network entrance to open or close the transmission channel and the routing and switching service for the service.
(2) Service transmission channel establishment control: session control establishes the transmission channel carrying the service data at the request of the application. According to the QoS demand of the service there are three basic types of path: a connection-oriented path with QoS guarantee, suitable for real-time services; a connection-oriented path without QoS guarantee, suitable for services such as instant messaging and P2P; and a connectionless best-effort path, suitable for ordinary data services. In addition, according to the service's QoS demand, a transmission channel with QoS characteristics such as minimum delay, maximum bandwidth or minimum cost can be established for the service application.
(3) Address relationship mapping: during session connection, determines the mapping between the terminal identifier, user identifier and service identifier and the network address, and provides it to the user port for address conversion, realizing address separation. At each session connection a network address can be assigned automatically to the user port for routing and addressing, and it is invalidated after the service ends.
(4) Key distribution bearing: the session control signaling can carry the data of the associated key distribution protocol, completing key distribution during session establishment, so as to shorten the session establishment time of secure services and improve the efficiency and security of key distribution.
(5) QoS admission control: admits services according to the current state of network resources and the QoS demand of the service, and executes the relevant QoS policies, such as resource preemption by high-priority users.
(6) Security protection: authenticates the legitimacy of call connection protocol messages, guaranteeing the security of the control layer.
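The following is an added example (not the patent's own code or the SCLP protocol itself) that models functions (1) to (5) of the secure session connection protocol as a control-layer state machine: both parties are authenticated before admission, the path type is chosen from the service's QoS demand, a guaranteed path is admitted only within the reserved capacity (preempting lower-priority sessions per a configured policy), a network address is assigned to the user port for the session and returned when the service ends, and key material is carried with the session. The user registry, credentials, capacity, address pool and the service-to-path mapping are constructed assumptions.

```python
"""Model of SCLP-style session connection control (added illustration, not the
patent's own code). The user registry, credentials, link capacity, address pool
and the service-to-path mapping below are constructed assumptions."""
from dataclasses import dataclass
from enum import Enum
import itertools
import secrets


class PathType(Enum):
    CONNECTED_QOS = "connection-oriented, QoS-guaranteed"   # real-time services
    CONNECTED = "connection-oriented, no QoS guarantee"     # instant messaging, P2P
    BEST_EFFORT = "connectionless, best effort"             # ordinary data services


# Which path type a service class receives (assumption based on the description).
PATH_FOR_SERVICE = {
    "voice": PathType.CONNECTED_QOS,
    "video": PathType.CONNECTED_QOS,
    "im": PathType.CONNECTED,
    "p2p": PathType.CONNECTED,
    "web": PathType.BEST_EFFORT,
}


@dataclass
class Session:
    session_id: int
    caller: str
    callee: str
    service: str
    path: PathType
    bandwidth_kbps: int
    priority: int          # lower number = higher priority
    net_addr: str          # network address assigned to the user port for this session
    key_material: bytes    # key distribution data carried in the session signaling


class SessionController:
    """Control-layer session control: admission, path setup, address mapping, QoS admission."""

    def __init__(self, registry, capacity_kbps, addr_pool):
        self.registry = registry            # terminal id -> credential
        self.capacity_kbps = capacity_kbps  # capacity available to QoS-guaranteed paths
        self.addr_pool = list(addr_pool)    # free network addresses for user ports
        self.active = {}                    # session_id -> Session
        self._ids = itertools.count(1)

    def _authenticate(self, terminal, credential):
        # Service admission control: both parties must be registered with a valid credential.
        return self.registry.get(terminal) == credential

    def _reserved_kbps(self):
        return sum(s.bandwidth_kbps for s in self.active.values()
                   if s.path is PathType.CONNECTED_QOS)

    def _qos_admit(self, bandwidth_kbps, priority):
        """QoS admission: fit within capacity, preempting lower-priority sessions if needed."""
        if self._reserved_kbps() + bandwidth_kbps <= self.capacity_kbps:
            return True
        # Preemption policy: tear down the lowest-priority guaranteed sessions first.
        victims = sorted((s for s in self.active.values()
                          if s.path is PathType.CONNECTED_QOS and s.priority > priority),
                         key=lambda s: -s.priority)
        for victim in victims:
            self.teardown(victim.session_id)
            if self._reserved_kbps() + bandwidth_kbps <= self.capacity_kbps:
                return True
        return False

    def setup(self, caller, caller_cred, callee, callee_cred, service,
              bandwidth_kbps=0, priority=5):
        """Return the established Session, or None when admission is refused."""
        if not (self._authenticate(caller, caller_cred)
                and self._authenticate(callee, callee_cred)):
            return None
        path = PATH_FOR_SERVICE.get(service, PathType.BEST_EFFORT)
        if path is PathType.CONNECTED_QOS and not self._qos_admit(bandwidth_kbps, priority):
            return None
        if not self.addr_pool:
            return None
        sess = Session(next(self._ids), caller, callee, service, path, bandwidth_kbps,
                       priority, net_addr=self.addr_pool.pop(0),
                       key_material=secrets.token_bytes(16))
        self.active[sess.session_id] = sess
        return sess

    def teardown(self, session_id):
        """Service ends: the session's network address is invalidated and returned to the pool."""
        sess = self.active.pop(session_id, None)
        if sess is None:
            return False
        self.addr_pool.append(sess.net_addr)
        return True
```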
3) The quality of service guarantee technical system. Under the integrated network security service framework, information classification isolation lets the network carry different services on mutually independent switching and transmission channels. According to the QoS demand of the service, multiple QoS technologies can be used together on each channel to provide effective quality of service guarantee, and uniformly planned QoS policies make the corresponding quality assurance measures cooperate with each other and operate effectively.
Connection-oriented end-to-end service is the primary condition for guaranteeing the QoS of real-time services. The system establishes a connection-oriented, quality-assured end-to-end transmission channel for the two communicating parties. The service data flow is switched and transmitted on this path, which guarantees that it arrives in order with relatively stable transmission characteristics.
Classified differentiated services means applying corresponding differentiated services to the data of the service, control and management layers respectively. Each layer can apply its own differentiated services according to data characteristics such as message category, data type and priority; corresponding queue scheduling algorithms let each kind of data flow occupy system resources according to a prior arrangement.
To guarantee that the data flows actually carried by the network conform to the resource allocation agreed in advance, and to prevent abnormal traffic from consuming network resources, the system monitors and limits the data flows in the network. Traffic policing discards excess traffic according to the configured policy, guaranteeing that high-priority service data flows such as voice and video are forwarded and processed normally.
QoS routing is an essential condition for realizing QoS guarantee and improving the overall service performance of the network. QoS routing dynamically finds the optimal path satisfying the QoS requirements according to the current usage of network resources. It provides the routing basis for traffic engineering, distributing service traffic sensibly across the network, thereby reducing the probability of congestion, enhancing network throughput and improving utilization of network resources.
Resource statistics and allocation realize the reasonable and effective control and use of system resources through QoS measurement and statistics. The objects of QoS measurement and statistics include traffic, bit error rate, packet loss rate and abnormal messages; the QoS parameters generated from measurement and statistics are used to control system resources.
QoS admission control admits service session connections according to the current resource state of the network and the QoS demand of the service, preventing service traffic beyond the bearing capacity from entering the network. The system focuses on the integrated use of these technologies, turning QoS technology into an end-to-end service transmission platform through unified design and unified management, so as to meet QoS requirements.
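The following is an added example (not the patent's own code) of QoS routing and QoS admission as described above: a path is searched only over links that still have enough free bandwidth for the requested flow, the lowest-delay such path is selected, bandwidth is reserved along it on admission and released when the service ends, and a flow the network cannot bear is refused rather than allowed to enter. The four-node topology, its capacities and delays, and the flows are constructed assumptions.

```python
"""QoS routing and admission over a constructed topology (added illustration, not the
patent's own code). The link table, its capacities and delays, and the flows are
assumptions."""
import heapq


def link_key(a, b):
    """Links are undirected; store them under a canonical (sorted) key."""
    return (a, b) if a <= b else (b, a)


def qos_route(links, used, src, dst, need_kbps):
    """Lowest-delay path whose every link has at least need_kbps free; None if none exists.

    links: link_key -> (capacity_kbps, delay_ms); used: link_key -> reserved kbps.
    """
    adj = {}
    for (a, b), (cap, delay) in links.items():
        if cap - used.get((a, b), 0) >= need_kbps:   # only links with enough free bandwidth
            adj.setdefault(a, []).append((b, delay))
            adj.setdefault(b, []).append((a, delay))
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:                                      # Dijkstra on the feasible sub-graph
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist[u]:
            continue
        for v, w in adj.get(u, []):
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], dist[dst]


def admit_flow(links, used, src, dst, need_kbps):
    """QoS admission: reserve bandwidth along a feasible path, or refuse the session."""
    found = qos_route(links, used, src, dst, need_kbps)
    if found is None:
        return None
    path, delay = found
    for a, b in zip(path, path[1:]):
        k = link_key(a, b)
        used[k] = used.get(k, 0) + need_kbps
    return path, delay


def release_flow(used, path, need_kbps):
    """Service ends: give the reserved bandwidth back."""
    for a, b in zip(path, path[1:]):
        used[link_key(a, b)] -= need_kbps


# Constructed four-node topology: a fast low-capacity path A-B-D and a slower
# high-capacity path A-C-D; values are (capacity_kbps, delay_ms).
LINKS = {
    link_key("A", "B"): (1000, 5),
    link_key("B", "D"): (1000, 5),
    link_key("A", "C"): (2000, 20),
    link_key("C", "D"): (2000, 20),
}
```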
4) comprehensive safety protecting technical system integral network safety service framework is based on solving network security problem from system's system.Safe and secret measures effectively is dissolved in the network in each equipment and each aspect, closely cooperates each other, to strengthen the security protection performance, improves network resource utilization, guarantees QoS, realizes unified control and management.The comprehensive safety protecting system mainly comprises aspects such as information classification isolation, network boundary protection, applied business access control and protecting data encryption: the attribute of the user port of (1) information classification isolation network, network trunk port, management port is strict to be distinguished.User terminal inserts from user port, and what its signaling message and management information can only be transmitted to access node is connected controller and OAMAgent, and business datum can only exchange forwarding in service layer.The equipment or the address of other aspect of user terminal in can not accesses network.The network switching equipment carries out independently route switching to data such as business, control and management, is independent of each other.Set up independently transmission channel respectively for business, control and management data on the trunk, each passage has independently bandwidth resources, and interchannel is isolated mutually.
(2) Network boundary protection. The network boundary is the focus of the system security protection design and is protected by the user security access protocol (abbreviated: USAP protocol). The USAP protocol is responsible for discriminating the legitimacy of user terminal access and blocks illegal terminals from accessing. The discrimination process is maintained periodically.
The USAP protocol isolates the service, signaling and management data transmission links on the subscriber line, corresponding to the transmission channels on the network trunks. The transmission link for user service data is set up in real time under the connection control of the control layer and is removed after the service ends. Data carried on the subscriber line and encapsulated by the USAP protocol has integrity and anti-replay protection, which prevents attack messages from being inserted from the subscriber line.
The USAP protocol separates the terminal identifier from the network address. The address of a user terminal in the network (i.e. the routing address of the switching equipment's user port) is visible only inside the network and is allocated automatically by the network for each communication. USAP establishes and maintains the binding relationship between the current service, the terminal identifier and the network address, and the switching equipment is responsible for converting between terminal identifier and network address according to this binding. Because the network is transparent to the user, the security of the network boundary is effectively guaranteed.
Security between network nodes is realized by the node security interconnection protocol (abbreviated: NSIP protocol). Interconnection between nodes must pass legitimacy discrimination, which blocks illegal nodes from joining. At the same time, data carried on the trunk and encapsulated by the NSIP protocol has integrity and anti-replay protection.
(3) Application service access control. Application services are subject to session connection control: the network refuses to carry service data whose call connection has not been completed. During the session connection process, the connection control of the control layer performs authenticity verification on signaling, preventing signaling attacks by illegal terminals or nodes. To guarantee service security, the system establishes an end-to-end transmission channel for service data under session connection control; the path through the network can be selected by the source node according to the QoS characteristics of the links, or specified by network management configuration or policy routing. The user's service data is transmitted, exchanged and forwarded on this transmission channel, and data outside the transmission channel is refused entry.
(4) Data encryption protection. Encryption protection of service data and system information is an important means of guaranteeing service and network security. User service data is encrypted end to end over the whole path and remains encrypted at every point of network transmission (the ciphertext never "lands"), guaranteeing the confidentiality of communication services. All data on the trunk is encrypted: not only is service data given super-encryption protection, strengthening the encryption strength of services, but the signaling between nodes and the network protocol messages are also encrypted, strengthening the security protection capability of the network system.
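As an added illustration of the session-bound access control in (3) and of the QoS admission control described under the service quality guarantee system, the following Python model of an access node is example code written for this page, not the patent's own implementation; the trunk capacity, the address range and the authorised-terminal list (standing in for USAP legitimacy discrimination) are all constructed assumptions.

```python
"""Toy model of an access node as described above (added example, not the patent's code):
signalling from a user port reaches only the connection controller, management data only
the OAM agent, service data is carried only inside a session the controller admitted,
a network address is allocated per session and bound to the terminal identifier, and
QoS admission refuses sessions that would exceed the trunk's bearing capacity."""
from dataclasses import dataclass
import itertools


@dataclass
class Session:
    terminal_id: str
    net_addr: str    # address used only inside the network, allocated per communication
    bandwidth: int   # kbit/s reserved for this session (constructed unit)


class AccessNode:
    def __init__(self, trunk_capacity, authorised_terminals):
        self.capacity = trunk_capacity               # constructed bearing capacity, kbit/s
        self.authorised = set(authorised_terminals)  # stands in for USAP legitimacy discrimination
        self.sessions = {}                           # terminal_id -> Session: the binding table
        self._addr = itertools.count(1)              # per-session network address allocator

    def used_bandwidth(self):
        return sum(s.bandwidth for s in self.sessions.values())

    def handle(self, plane, terminal_id, payload=None):
        """Message arriving on a user port; returns (action, detail)."""
        if plane == "management":     # management information only reaches the OAM agent
            return ("forward", "oam-agent")
        if plane == "signaling":      # signalling only reaches the connection controller
            return self._connection_controller(terminal_id, payload)
        if plane == "service":        # service data needs an admitted transmission channel
            session = self.sessions.get(terminal_id)
            if session is None:
                return ("drop", "no transmission channel for this terminal")
            # terminal identifier -> network address conversion by the switching equipment
            return ("forward", f"service-layer:{session.net_addr}")
        return ("drop", "unknown plane")

    def _connection_controller(self, terminal_id, req):
        if terminal_id not in self.authorised:
            return ("drop", "illegal terminal")
        if req["op"] == "release":                   # channel torn down after the service ends
            self.sessions.pop(terminal_id, None)
            return ("ok", "released")
        if req["op"] == "setup":
            if terminal_id in self.sessions:
                return ("drop", "session already established")
            if self.used_bandwidth() + req["bandwidth"] > self.capacity:
                return ("drop", "QoS admission refused: beyond bearing capacity")
            addr = f"10.0.0.{next(self._addr)}"      # constructed internal address range
            self.sessions[terminal_id] = Session(terminal_id, addr, req["bandwidth"])
            return ("ok", addr)
        return ("drop", "unknown signalling operation")
```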
5) Integrated network management technical system. The network management system realizes unified management of the network, equipment, services and users, adopting a management approach of hierarchical control, step-by-step aggregation and centralized control, realizing partitioned decentralized management. The network management system comprises subsystems such as network resource management, application service management and user attribute management, and provides management functions such as configuration management, fault management, performance management, topology management, service management, security management and QoS management.
The present invention is not limited to the embodiments described above. The present invention extends to any new feature or any new combination of features disclosed in this specification, and to any new method or process step, or any new combination thereof, disclosed herein.

Claims (1)

1. A network system realizing integrated security services, characterized in that it comprises an information classification isolation system, an integrated service system, a service quality guarantee system, a comprehensive security protection system and an integrated network management system;
The information classification isolation system provides independent route switching for the various kinds of information in the network; guarantees that service data, signaling messages and network management information are processed by classification in each link of user access, route switching, relay transmission, QoS and security/secrecy, realizing the classified isolation of service, control and management information in the network; information data isolated by classification has independent bandwidth resources in the network, together with independent route switching and independent QoS protection measures; and relatively independent transmission channels exist between terminal and switching node and between switching nodes;
The integrated service system adopts a secure session connection protocol and realizes a service admission control function, a service transmission channel establishment control function, an address relationship mapping function, a key distribution bearing function, a QoS accommodation control function and a security protection function;
The service quality guarantee system provides connection-oriented end-to-end service; performs differentiated services for data of the service, control and management layers; performs traffic policing on data flows in the network; dynamically discovers the optimal path satisfying the QoS requirements by QoS routing, realizing traffic engineering; and admits the session connections of services by QoS admission control;
The comprehensive security protection system comprises the adoption of information classification isolation, network boundary protection, application service access control and data encryption protection measures. Information classification isolation means that the attributes of the network's user ports, network trunk ports and management ports are distinguished; a user terminal accesses the network from a user port, its signaling messages and management information can only be transmitted to the connection controller and OAM agent of the access node, and its service data can only be exchanged and forwarded in the service layer; the network switching equipment performs independent route switching for service, control and management data, and the trunk sets up independent transmission channels for service, control and management data respectively, the channels not interfering with each other. Network boundary protection means that the legitimacy of user terminal access is discriminated by the user security access protocol, and the transmission link for user service data is set up in real time under the connection control of the control layer and removed after the service ends. Application service access control means that, during the session connection process, the connection control of the control layer performs authenticity verification on signaling and sets up an end-to-end transmission channel for service data under session connection control;
The integrated network management system adopts a management approach of hierarchical control, step-by-step aggregation and centralized control, realizing partitioned decentralized management.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010125028XA CN101771619B (en) 2010-03-16 2010-03-16 Network system for realizing integrated security services

Publications (2)

Publication Number Publication Date
CN101771619A true CN101771619A (en) 2010-07-07
CN101771619B CN101771619B (en) 2012-07-04

Family

ID=42504229

Country Status (1)

Country Link
CN (1) CN101771619B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102164092A (en) * 2011-05-23 2011-08-24 北京交通大学 Method and system for guaranteeing service quality of integrated identification network
CN102724175A (en) * 2011-08-26 2012-10-10 北京天地互连信息技术有限公司 Remote communication security management architecture of ubiquitous green community control network and method for constructing the same
CN103428028A (en) * 2013-07-31 2013-12-04 深圳市邦彦信息技术有限公司 Service quality maintenance method and system for heterogeneous network
CN103491641A (en) * 2013-09-05 2014-01-01 北京创毅讯联科技股份有限公司 Method and enterprise network system for realizing voice services in long term evolution enterprise network
CN105471611A (en) * 2014-09-05 2016-04-06 中兴通讯股份有限公司 Processing method, device and system for providing user service
CN106789533A (en) * 2016-12-27 2017-05-31 福建三元达网络技术有限公司 Method and its system that service channel with management passage separate
CN108234677A (en) * 2018-03-09 2018-06-29 高飞 A kind of block chain network node serve device towards multi-tiling platform chain
CN109639735A (en) * 2019-01-24 2019-04-16 重庆邮电大学 A kind of test method of IPv6 industry wireless network security level
CN114967504A (en) * 2022-07-07 2022-08-30 广东长天思源环保科技股份有限公司 Environment monitoring operation and maintenance platform based on identification analysis
US11449799B1 (en) * 2020-01-30 2022-09-20 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11477016B1 (en) 2019-09-10 2022-10-18 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11533175B1 (en) 2020-01-30 2022-12-20 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography on a smartcard
US11626983B1 (en) 2019-09-10 2023-04-11 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11727829B1 (en) 2020-01-30 2023-08-15 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11736281B1 (en) 2019-09-10 2023-08-22 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11838410B1 (en) 2020-01-30 2023-12-05 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212464A (en) * 2006-12-28 2008-07-02 北京交通大学 Method for implementing general-purpose services in integrated network
CN101640825A (en) * 2009-08-19 2010-02-03 刘文祥 Integration of three networks

Also Published As

Publication number Publication date
CN101771619B (en) 2012-07-04

Similar Documents

Publication Publication Date Title
CN101771619B (en) Network system for realizing integrated security services
CN101800753B (en) Comprehensive safety protecting method based on integral network safety service framework
US8307418B2 (en) Methods, systems, and computer readable media for providing application layer firewall and integrated deep packet inspection functions for providing early intrusion detection and intrusion prevention at an edge networking device
CN102469078B (en) Method and system for accessing campus network to external network
CA2665297C (en) Lawful interception in wireline broadband networks
CN101326763B (en) System and method for authentication of SP Ethernet aggregation networks
US7742487B2 (en) System and method for integrated service access
CN101815032B (en) Method for classifying and isolating information based on integrated network security service architecture
JP2005525024A (en) Communication switching architecture
KR20140114039A (en) A device, software module, system or business method for global real-time telecommunication
RU2402881C2 (en) Method and facility for control of data streams of protected distributed information systems in network of coded communication
CN106210034B (en) A kind of intelligent terminal management-control method and system based on IMS enterprise network
CN101808420A (en) Intelligent network
CN106027491B (en) Separated links formula communication processing method and system based on isolation IP address
CN110855707A (en) Internet of things communication pipeline safety control system and method
CN1941740B (en) System and method for controlling access network resource
Schneider et al. Building trustworthy systems: Lessons from the PTN and Internet
CN100414938C (en) Network safety system and method
Ojugo et al. Technical issues for IP-based telephony in Nigeria
FR2961367A1 (en) SYSTEM AND METHOD FOR MANAGING SECURE FLOWS BETWEEN SEVERAL REMOTE SITES
CN113259347B (en) Equipment safety system and equipment behavior management method in industrial Internet
Cisco T
CN109150527B (en) Quantum encryption system and encryption communication method for telephone exchange network
Aksahin Security Implications of Converged Networks and Protecting Them, without Compromising Efficiency
Farroha et al. An investigative analysis of information assurance issues associated with the GIG's P&P architecture

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant