Disclosure of Invention
The invention provides a security control method and a corresponding device, which improve the access security of terminal devices and thereby protect a monitoring system.
To achieve this, the invention provides a security control method applied in a monitoring system that includes a terminal device and an access device, the method comprising the following steps:
the access device obtains the correspondence between the Media Access Control (MAC) address of the terminal device and the port of the access device to which that terminal device is connected;
when the access device receives a packet from the terminal device on that port, it discards the packet if the packet's source MAC address does not match the MAC address in the correspondence, and forwards the packet if the source MAC address matches.
The access device obtains the correspondence between the MAC address of the terminal device and its port in one of two ways:
when the access device receives a packet from the terminal device for the first time, it obtains the MAC address of the terminal device and the port on which that first packet was received, and records the correspondence between the two; or,
when the correspondence between the MAC address of the terminal device and the port of the access device has been configured statically, the access device records that statically configured correspondence.
Forwarding the packet by the access device specifically includes:
before the terminal device has registered successfully, if the source MAC address of the packet matches the MAC address in the correspondence and the packet is a SIP registration request from the terminal device, the access device forwards the packet; if the source MAC address matches but the packet is not a SIP registration request from the terminal device, the access device discards the packet;
after the terminal device has registered successfully, if the source MAC address of the packet matches the MAC address in the correspondence, the access device forwards the packet;
where the access device confirms that the terminal device has registered successfully when it has observed a SIP registration request from the terminal device and a SIP registration success response from the VM server addressed to the terminal device.
After the access device forwards the packet, the method further comprises:
if the access device does not receive a keepalive packet from the terminal device on the port within a preset period, the access device discards the packets it subsequently receives on that port.
The terminal device is a device on which authentication software cannot be installed, and includes an encoding device of the monitoring system.
An access device, applied in a monitoring system that includes a terminal device and the access device, the access device comprising:
an obtaining module, configured to obtain the correspondence between the MAC address of the terminal device and the port of the access device to which the terminal device is connected;
a receiving module, configured to receive packets from the terminal device on that port;
a processing module, configured to discard a packet when its source MAC address does not match the MAC address in the correspondence, and to forward the packet when its source MAC address matches.
The obtaining module is specifically configured to, when the access device receives a packet from the terminal device for the first time, obtain the MAC address of the terminal device and the port on which that first packet was received and record the correspondence between them; or, when the correspondence between the MAC address of the terminal device and the port of the access device has been configured statically, to record that statically configured correspondence.
The processing module is specifically configured to, before the terminal device has registered successfully, forward the packet if its source MAC address matches the MAC address in the correspondence and the packet is a SIP registration request from the terminal device, and to discard the packet if its source MAC address matches but the packet is not a SIP registration request from the terminal device;
and, after the terminal device has registered successfully, to forward the packet if its source MAC address matches the MAC address in the correspondence;
where the terminal device is confirmed to have registered successfully when a SIP registration request from the terminal device and a SIP registration success response from the VM server addressed to the terminal device have both been observed.
The processing module is further configured to, after forwarding the packet, discard the packets subsequently received on the port if no keepalive packet from the terminal device is received on that port within a preset period.
The terminal device is a device on which authentication software cannot be installed, and includes an encoding device of the monitoring system.
Compared with the prior art, the invention has at least the following advantage: by performing MAC address authentication of the terminal device (for example, an encoding device) on the access device, the access security of the terminal device is improved, the monitoring system is protected, and attacks by hackers or other malicious traffic are blocked.
Detailed Description
The invention provides a security control method applied in a monitoring system comprising a terminal device, an access device, a VM server and a DM server, where the terminal device is a device on which authentication software cannot be installed (for example, a device that cannot run 802.1X supplicant software) and includes, but is not limited to, the encoding devices (ECs) of the monitoring system. Fig. 1 is a schematic diagram of the reference network model of the invention, in which the terminal devices are ECs, the access device is an access switch, EC1 is connected to Port1 of the access switch, EC2 to Port2, and EC3 to Port3.
As shown in fig. 2, the security control method includes the following steps:
Step 201: the access device obtains the correspondence between the MAC address of the terminal device and its own port, the port being the one through which the terminal device is connected to the access device. Taking fig. 1 as an example, the access switch obtains the correspondence between the MAC address of EC1 and Port1, between the MAC address of EC2 and Port2, and between the MAC address of EC3 and Port3.
In this step, the access device can obtain the correspondence between MAC address and port in either of two ways:
In the first way, MAC address authentication is enabled on the port of the access device that connects to the terminal device, and the access device authenticates the terminal device's MAC address when the terminal device first comes online. Accordingly, when the access device receives a packet from the terminal device for the first time, it takes the MAC address of the terminal device (the source MAC address of that packet) and the port on which the packet was received, and records the correspondence between them.
In the second way, the network administrator statically configures the MAC address of the terminal device on the port of the access device that connects to it, so that the port forwards only packets whose source MAC address is the statically configured one. Accordingly, when the correspondence between the MAC address of the terminal device and the port of the access device is statically configured, the access device records that correspondence directly.
Taking fig. 1 as an example, the MAC address of EC1 (MAC address 1) is configured statically on Port1 of the access switch, to which EC1 is connected, and the access switch records the correspondence between MAC address 1 and Port1. Alternatively, MAC address authentication may be used: the MAC address authentication function is enabled on Port1 of the access switch, and when the access switch receives through Port1 the first packet EC1 sends after coming online, it records the correspondence between Port1 and the source MAC address carried in that packet (as the MAC address that passed authentication).
Step 202: when the access device receives a packet from the terminal device on the port, it looks up the MAC address recorded in the correspondence for that port. If the source MAC address of the packet does not match the recorded MAC address, step 203 is executed; if it matches, step 204 is executed.
Step 203: the access device discards the packet.
When the source MAC address of the packet does not match the MAC address in the correspondence, the packet has failed MAC address authentication and is discarded directly. For example, if the access device has recorded the correspondence between Port1 and MAC address 1 and receives on Port1 a packet whose source MAC address is MAC address 2, it discards that packet.
Step 204: the access device forwards the packet.
When the source MAC address of the packet matches the MAC address in the correspondence, the packet has passed MAC address authentication and can be forwarded. For example, if the access device has recorded the correspondence between Port1 and MAC address 1 and receives on Port1 a packet whose source MAC address is MAC address 1, it forwards that packet.
It should be noted that, even when the source MAC address of the packet matches the MAC address in the correspondence, forwarding is further conditioned on the following two cases:
In the first case, before the terminal device has registered successfully (for example, before the EC has registered with the VM server), the access device forwards the received packet only if it is a SIP registration request from the terminal device; any other packet is discarded directly.
In the second case, after the terminal device has registered successfully, the access device forwards every received packet regardless of its type. The access device confirms that the terminal device has registered successfully when it has observed a SIP registration request from the terminal device and a SIP registration success response from the VM server addressed to the terminal device.
In the invention, for the sake of access security, not every packet from an authenticated MAC address is forwarded: before the terminal device has registered successfully, the access device forwards only one specific kind of packet (the SIP registration request) and discards everything else. That specific packet is a UDP (User Datagram Protocol) packet with destination port 5060. Since other SIP requests are also sent to port 5060, the access device must check the SIP method of the packet, not only its destination port, in order to forward registration requests alone.
Furthermore, after the MAC address has passed authentication, the access device continues to monitor the port bound to that MAC address. If, within a certain time interval, it observes on that port an uplink SIP (Session Initiation Protocol) registration request (from the terminal device) and the corresponding downlink SIP registration success response (that is, the registration request and success response exchanged between the EC and the VM server), the port enters the authenticated state that follows successful registration of the terminal device and packets can be forwarded normally; from then on the access device forwards every packet received on the port regardless of its type.
In the invention, for the sake of access security, if the access device does not receive a keepalive packet from the terminal device on the port within the preset period, it discards the packets it subsequently receives on that port. (The EC and the VM server exchange keepalive packets periodically; an EC that stops sending keepalives is treated as no longer connected to the network.)
Specifically, for security reasons a port cannot remain in an unconditional forwarding state indefinitely. An access device port in the normal forwarding state (that is, one allowed to forward any packet) must therefore continue to monitor for SIP keepalive packets, and if no SIP keepalive is received within a certain period (for example, three seconds), the port is returned to the non-authenticated state and is no longer allowed to forward packets.
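The port behaviour described in steps 201 to 204, the two registration cases and the keepalive rule above, written out as a small replay of constructed frames. This is an added example, not code from the patent or from any switch; the MAC addresses, SIP messages and timings are constructed. Three details the text leaves open are assumptions here: the access device ties the registration success response to the forwarded REGISTER by its Call-ID (so a stray 200 OK addressed to the terminal cannot complete registration), any SIP request from the terminal counts as the keepalive, and a port whose keepalive has lapsed drops back to the pre-registration state so the terminal can register again. The pre-registration gate checks the SIP method rather than only UDP destination port 5060, since OPTIONS and other requests also go to that port. Two caveats a practitioner should keep in mind: the source MAC address is an unauthenticated claim that any host can forge, and in the first (dynamic) mode whichever device speaks first on the port is the one that gets bound.

```python
from collections import namedtuple

SIP_PORT = 5060          # "a UDP packet with destination port 5060"
KEEPALIVE_TIMEOUT = 3.0  # seconds; the text's example interval
LEARNING, PRE_REG, FORWARD = "learning", "pre-registration", "forwarding"  # port states
# Constructed summary of one frame on the access port; downlink=True means VM server -> terminal
Frame = namedtuple("Frame", "src_mac dst_mac proto dst_port payload downlink", defaults=(b"", False))

def sip_start_line(payload):
    """('request', METHOD) or ('response', CODE), or None if the payload is not SIP."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) >= 3 and parts[0] == b"SIP/2.0":
        return ("response", parts[1].decode("ascii", "replace"))
    if len(parts) == 3 and parts[2] == b"SIP/2.0":
        return ("request", parts[0].decode("ascii", "replace"))
    return None

def sip_header(payload, name):
    """Value of the first header called `name` (case-insensitive), or None."""
    for line in payload.split(b"\r\n")[1:]:
        if not line:
            break  # blank line ends the headers
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == name.lower().encode():
            return value.strip().decode("ascii", "replace")
    return None

def is_sip_request(frame):
    line = sip_start_line(frame.payload)
    return frame.proto == "udp" and frame.dst_port == SIP_PORT and line is not None and line[0] == "request"

class PortGuard:
    def __init__(self, static_mac=None):
        self.bound_mac = static_mac  # second way: statically configured by the administrator
        self.state = PRE_REG if static_mac else LEARNING
        self.pending_call_id = None  # Call-ID of the REGISTER that was let through (assumption)
        self.last_keepalive = 0.0

    def handle(self, frame, now):
        """Return 'forward' or 'drop' for one frame and update the port state."""
        if frame.downlink:
            return self._watch_downlink(frame, now)
        if self.state == LEARNING:  # first way: bind the first source MAC seen
            self.bound_mac, self.state = frame.src_mac, PRE_REG
        if frame.src_mac != self.bound_mac:  # step 203: MAC authentication failed
            return "drop"
        if self.state == FORWARD:
            if now - self.last_keepalive > KEEPALIVE_TIMEOUT:
                self.state, self.pending_call_id = PRE_REG, None  # keepalive missed: revert
            else:
                if is_sip_request(frame):  # assumption: any SIP request counts as a keepalive
                    self.last_keepalive = now
                return "forward"  # step 204 after registration: any type is forwarded
        # pre-registration: only a SIP REGISTER may pass, not just anything sent to UDP/5060
        if is_sip_request(frame) and sip_start_line(frame.payload)[1] == "REGISTER":
            self.pending_call_id = sip_header(frame.payload, "Call-ID")
            return "forward"
        return "drop"

    def _watch_downlink(self, frame, now):
        """Downlink is not filtered; a 200 OK to the pending REGISTER completes registration."""
        if (self.state == PRE_REG and frame.dst_mac == self.bound_mac
                and sip_start_line(frame.payload) == ("response", "200")
                and self.pending_call_id is not None
                and sip_header(frame.payload, "Call-ID") == self.pending_call_id):
            self.state, self.last_keepalive = FORWARD, now
        return "forward"

# Constructed MAC addresses and SIP messages for the replays below.
EC1, VM, ROGUE = "00:11:22:33:44:01", "00:11:22:33:44:ff", "de:ad:be:ef:00:02"
def sip(*lines):
    return b"\r\n".join(lines) + b"\r\n\r\n"
REGISTER = sip(b"REGISTER sip:vm.example.invalid SIP/2.0", b"Call-ID: reg-1@ec1", b"CSeq: 1 REGISTER")
OPTIONS = sip(b"OPTIONS sip:vm.example.invalid SIP/2.0", b"Call-ID: ka-1@ec1")
OK_OTHER = sip(b"SIP/2.0 200 OK", b"Call-ID: other@vm")
OK_REG = sip(b"SIP/2.0 200 OK", b"Call-ID: reg-1@ec1", b"CSeq: 1 REGISTER")

def run_static_port_scenario():
    """Replay frames through a statically bound Port1; returns (decisions, final state)."""
    guard = PortGuard(static_mac=EC1)
    frames = [
        (0.0, Frame(ROGUE, VM, "udp", SIP_PORT, REGISTER)),               # wrong MAC
        (0.1, Frame(EC1, VM, "udp", SIP_PORT, OPTIONS)),                  # SIP, but not REGISTER
        (0.2, Frame(EC1, VM, "udp", 5004, b"\x80rtp")),                   # media before registration
        (0.3, Frame(EC1, VM, "udp", SIP_PORT, REGISTER)),                 # the one thing allowed
        (0.4, Frame(VM, EC1, "udp", SIP_PORT, OK_OTHER, downlink=True)),  # 200 OK for another Call-ID
        (0.5, Frame(VM, EC1, "udp", SIP_PORT, OK_REG, downlink=True)),    # matching 200 OK
        (1.0, Frame(EC1, VM, "udp", 5004, b"\x80rtp")),                   # media now passes
        (2.5, Frame(EC1, VM, "udp", SIP_PORT, OPTIONS)),                  # keepalive refreshes timer
        (7.0, Frame(EC1, VM, "udp", 5004, b"\x80rtp")),                   # 4.5 s silence: port reverts
        (7.1, Frame(EC1, VM, "udp", SIP_PORT, REGISTER)),                 # re-registration allowed
    ]
    return [guard.handle(f, t) for t, f in frames], guard.state

def run_learning_port_scenario():
    guard = PortGuard()  # first way: bind whichever source MAC speaks first on Port2
    first = guard.handle(Frame("00:11:22:33:44:02", VM, "udp", SIP_PORT, REGISTER), 0.0)
    second = guard.handle(Frame(ROGUE, VM, "udp", SIP_PORT, REGISTER), 0.1)
    return first, second, guard.bound_mac
```

Running `run_static_port_scenario()` yields the decisions drop, drop, drop, forward, forward, forward, forward, forward, drop, forward and leaves Port1 back in the pre-registration state; the only frame that ever crosses the port before the matching 200 OK is the REGISTER itself. The real switch would apply `handle` per ingress frame with its own clock rather than the constructed timestamps used here.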
In summary, by performing MAC address authentication of the terminal device on the access device, the invention improves the access security of the terminal device, protects the monitoring system, and blocks attacks by hackers or other malicious traffic.
Based on the same inventive concept as the method above, the invention further provides an access device, applied in a monitoring system that includes a terminal device and the access device. As shown in fig. 3, the access device includes:
an obtaining module 11, configured to obtain the correspondence between the MAC address of the terminal device and the port of the access device to which the terminal device is connected;
a receiving module 12, configured to receive packets from the terminal device on that port;
a processing module 13, configured to discard a packet when its source MAC address does not match the MAC address in the correspondence, and to forward the packet when its source MAC address matches.
The obtaining module 11 is specifically configured to, when the access device receives a packet from the terminal device for the first time, obtain the MAC address of the terminal device and the port on which that first packet was received and record the correspondence between them; or, when the correspondence between the MAC address of the terminal device and the port of the access device has been configured statically, to record that statically configured correspondence.
The processing module 13 is specifically configured to, before the terminal device has registered successfully, forward the packet if its source MAC address matches the MAC address in the correspondence and the packet is a SIP registration request from the terminal device, and to discard the packet if its source MAC address matches but the packet is not a SIP registration request from the terminal device;
and, after the terminal device has registered successfully, to forward the packet if its source MAC address matches the MAC address in the correspondence;
where the terminal device is confirmed to have registered successfully when a SIP registration request from the terminal device and a SIP registration success response from the VM server addressed to the terminal device have both been observed.
The processing module 13 is further configured to, after forwarding the packet, discard the packets subsequently received on the port if no keepalive packet from the terminal device is received on that port within a preset period.
In the invention, the terminal device is a device on which authentication software cannot be installed, and includes an encoding device of the monitoring system.
The modules of the device may be integrated into one unit or deployed separately; they may be combined into a single module or further split into several sub-modules.
From the description of the embodiments above, those skilled in the art will understand that the invention may be implemented in hardware, or in software together with the necessary general-purpose hardware platform. On this basis, the technical solution of the invention may be embodied as a software product stored on a non-volatile storage medium (such as a CD-ROM, a USB disk or a removable hard disk) that contains instructions enabling a computer device (such as a personal computer, a server or a network device) to execute the method of the embodiments of the invention.
Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment, and that the blocks or flow diagrams in the drawings are not necessarily required to practice the invention.
Those skilled in the art will appreciate that the modules of the devices in the embodiments may be distributed among those devices as described, or may be arranged correspondingly in one or more devices different from those of the embodiments. The modules of the embodiments above may be combined into one module or further split into several sub-modules.
The serial numbers used above are for description only and do not indicate the relative merits of the embodiments.
The disclosure above covers only a few specific embodiments of the invention; the invention is not limited to them, and any variation that a person skilled in the art can make is intended to fall within its scope.