CN102740296A - Trusted network access method and system for mobile terminal - Google Patents
- Publication number: CN102740296A
- Authority: CN (China)
- Prior art keywords: integrity, mobile terminal, access policy, server, network
- Legal status: Pending
- Landscapes: Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a trusted network access method and a trusted network access system for a mobile terminal, and belongs to the technical field of trusted network access. The method comprises the following steps: 1) the mobile terminal loads an integrity measurement collector and checks the integrity of the integrity measurement collector, and a policy decision point loads an integrity measurement verifier and checks the integrity of the integrity measurement verifier; 2) the mobile terminal transmits a network access request to a policy enforcement point; 3) after receiving the network access request, the policy enforcement point transmits a network access decision request to the policy decision point, which authenticates the user identity of the mobile terminal; 4) after the user identity passes authentication, platform identity authentication is performed between the policy decision point and the mobile terminal, the policy decision point and the mobile terminal mutually verify system integrity, and a platform trust relationship between the policy decision point and the mobile terminal is established; and 7) the policy decision point transmits to the policy enforcement point, according to the platform trust relationship, a recommendation on whether to allow access, and the policy enforcement point grants network access permission to the mobile terminal according to the recommendation. By the method and the system, network resources can be well protected.
Description
Technical field
The invention belongs to the field of trusted network access technology, and in particular relates to an access method and an access system for a mobile terminal in a trusted network.
Background technology
With the continual renewal and development of mobile devices and mobile networks, the mobile phone has become an indispensable part of modern life. The rapid growth of mobile networks has introduced many new concepts and technologies, and has also brought many new security challenges. For example, many employees inadvertently download malware (trojans, viruses, etc.) when they go online at home with a mobile device (mobile phone, PDA, tablet, laptop, etc.). When they connect these mobile devices to the company network, the devices may be used by a third party to steal or damage confidential company resources, and the malware may also spread within the company network. Therefore, when a mobile terminal requests network access, the network access control device wants, in addition to traditional user identity authentication of the terminal, to verify the user's platform identity and confirm that the terminal running on a particular platform is protected by some security technology, so as to establish a degree of trust in the user and to keep the network access control device from being exposed to malware infection by admitting a mobile terminal that contains malware. Similarly, the user wants to verify the platform identity of the network access control device, to avoid threats such as malware infection and leakage of private data that come from connecting to a network access control device that contains malware. Platform authentication between machine and machine is therefore necessary.
At the same time, the network access control device wants to verify whether the user's operating system version, antivirus signature database, system patches, integrity check values of running software, and so on meet the security requirements, so as to establish a trust relationship and be confident that the mobile terminal requesting access really is running in an appropriate environment and has not been attacked by viruses or trojans.
Therefore, controlling the access of mobile terminals to the trusted network, and guarding against the security problems that networked office work brings, has become a problem in urgent need of a solution.
Summary of the invention
In view of the technical problems in the prior art, the purpose of the invention is to provide a method for security verification, access policy decision and policy enforcement when a mobile terminal accesses a trusted network. The method validates the operating state of the mobile terminal against policy, ensures that the operating state of any terminal that accesses the network complies with the operating-state rules in the network access policy, and selectively restricts a mobile terminal whose operating state is abnormal so that it can access the network only after it has been restored to normal.
To achieve this purpose, one concrete scheme of the invention involves at least three typical participating entities: the mobile terminal requesting access, the access control server and the access policy server.
The mobile terminal trusted network access procedure comprises the following steps:
1. The mobile terminal sends a network access request to the access control server;
2. After receiving the network access request, the access control server sends a network access decision request to the access policy server;
3. After receiving the decision request, the access policy server verifies the identity of the mobile terminal user (by conventional authentication methods such as user name and password);
4. After the mobile terminal user passes identity authentication, platform authentication between the access policy server and the mobile terminal begins;
5. The mobile terminal and the access policy server send messages to each other and verify each other's system integrity. The access policy server sends a system integrity verification request to the mobile terminal; the request covers the operating system version running on the mobile terminal, the state of its system patches, whether malware is present, and so on. The access policy server measures the system integrity of the mobile terminal from the result the mobile terminal returns, and thereby establishes its trust in the mobile terminal. Likewise, the mobile terminal sends a system integrity verification request to the access policy server; the request covers the operating system version, the state of system patches, and so on. The mobile terminal measures the system integrity of the access policy server from the result the server returns, and thereby establishes its trust in the access policy server. Once this mutual verification of system integrity is complete, the platform trust relationship between the mobile terminal and the access policy server has been established.
6. According to the verification result (that is, the platform trust relationship that has been established), the access policy server sends the access control server a recommendation on whether to allow access, and according to this recommendation the access control server allows, refuses or partially grants network access rights to the mobile terminal.
Before the mobile terminal sends the network access request, the trusted network connect client deployed on the mobile terminal loads the IMC and checks the integrity of the IMC (to prevent loading an IMC that has been forged or tampered with by malware, and to guarantee the trustworthiness of the IMC); likewise, the trusted network connect server of the access policy server loads the integrity measurement verifier IMV and verifies its integrity (for example by checking the hash value of the IMV, to ensure that the IMV has not been maliciously modified).
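The load-time check described above can be sketched as follows. This is an added example, not code from the patent: the patent only says a hash value is checked, so SHA-256, the pinned-digest table, the fail-closed readiness rule and the file names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large libraries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def check_modules(module_paths, pinned_digests):
    """Return (ready, report); ready is True only if every module passes.

    pinned_digests maps a module file name to its known-good SHA-256 hex
    digest (assumed to be provisioned out of band). A module without a
    pinned digest is rejected rather than skipped, so an extra library
    dropped next to the real ones blocks start-up instead of being loaded.
    """
    report = {}
    for path in module_paths:
        name = os.path.basename(path)
        expected = pinned_digests.get(name)
        if expected is None:
            report[name] = "rejected: no pinned digest"
        elif not os.path.isfile(path):
            report[name] = "rejected: missing"
        elif hmac.compare_digest(sha256_file(path), expected):
            report[name] = "ok"
        else:
            report[name] = "rejected: digest mismatch"
    # Fail closed: no access request is sent unless all modules verified.
    ready = bool(report) and all(state == "ok" for state in report.values())
    return ready, report


def demo():
    """Constructed scenario: intact IMC, an unlisted library, a modified IMC."""
    with tempfile.TemporaryDirectory() as workdir:
        imc = os.path.join(workdir, "os_version_imc.so")    # hypothetical name
        extra = os.path.join(workdir, "unlisted_imc.so")    # hypothetical name
        with open(imc, "wb") as handle:
            handle.write(b"constructed IMC library bytes")
        with open(extra, "wb") as handle:
            handle.write(b"constructed unlisted library bytes")
        pinned = {"os_version_imc.so": sha256_file(imc)}

        clean = check_modules([imc], pinned)
        unlisted = check_modules([imc, extra], pinned)
        with open(imc, "ab") as handle:                      # simulate modification
            handle.write(b"\x90")
        tampered = check_modules([imc], pinned)
    return clean, unlisted, tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "unlisted", "tampered"), demo()):
        print(label, result)
```

The check is only as strong as the protection of the pinned digests and of the code performing the check; the bytes that are hashed should also be the bytes that are subsequently loaded.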
The method by which the mobile terminal and the access policy server verify each other's system integrity is:
A. The integrity measurement collector on the mobile terminal reports the IMC's own configuration (such as the message types the IMC supports, and its information collection capability and scope) to the trusted network connect client TNCC on the mobile terminal;
B. The integrity measurement verifier on the access policy server reports the IMV's own configuration (such as the message types the IMV supports, and its information measurement capability and scope) to the trusted network connect server TNCS on the access policy server;
C. The trusted network connect server TNCS sends the information of the integrity measurement collector IMC to the integrity measurement verifier IMV; the IMV verifies the integrity of the IMC and exchanges platform authentication messages with the IMC through the TNCS. The messages exchanged between the two sides comprise: the specific request sent by the IMV to the IMC to collect the mobile terminal's system integrity (for example, a request to collect the mobile terminal's operating system version and patch information); the series of integrity values of the mobile terminal (such as operating system version and patch information) that the IMC collected according to that request and returns to the IMV; the specific request sent by the IMC to the IMV to collect the access policy server's system integrity; and the series of integrity values of the access policy server that the IMV collected according to that request and returns to the IMC;
D. According to the series of integrity values about the mobile terminal collected by the integrity measurement collector IMC, the integrity measurement verifier IMV verifies the system integrity of the mobile terminal and makes an IMV action recommendation on whether to allow the mobile terminal to access; according to the series of system integrity values about the access policy server collected by the IMV, the IMC determines whether the access policy server can be trusted.
The integrity measurement verifier IMV sends the IMV action recommendation to the trusted network connect server TNCS. The IMV action recommendation can be "allow access", "allow access to part of the network resources", "refuse access and isolate the mobile terminal", and so on. The TNCS forms the TNCS access recommendation from the IMV action recommendation and its own security policy, and carries out the TNCS access recommendation, which completes the access process.
The invention also provides an access system for a mobile terminal in a trusted network, comprising a mobile terminal AR, an access control server PEP and an access policy server PDP. The mobile terminal sends the network access request; the access policy server verifies the platform identity and platform integrity of the mobile terminal and judges whether the operating state of the mobile terminal satisfies the network access policy; and the access control server allows, refuses or partially grants network access rights to the mobile terminal according to the judgment of the access policy server.
The mobile terminal comprises an integrity measurement collector (IMC; Integrity Measurement Collector Interface), a trusted network connect client (TNCC, Trusted Network Connect Client) and a network access requestor (NAR, Network Access Requestor). The trusted network connect client is connected to the access policy server, receives the integrity values sent by the integrity measurement collector, and sends them to the access policy server for verification; the network access requestor sends the access request to the access control server.
The access control server comprises a network access policy enforcement component, which handles the network access request of the mobile terminal according to the judgment of the access policy server.
The access policy server comprises an integrity measurement verifier, a trusted network connect server and a network access authorization module. The integrity measurement verifier verifies the integrity values of the mobile terminal; the trusted network connect server sets the network access policy, verifies the platform identity and platform integrity state of the mobile terminal, and gives the network access recommendation; the network access authorization module receives the recommendation sent by the trusted network connect server and passes it to the access control server.
Compared with the prior art, the positive effects of the invention are as follows:
The advantage of the invention is that it provides two-way platform authentication: the AR and the PDP can each verify the other's platform identity credentials and integrity state. The trust relationship between the AR and the PDP is established by verifying the platform integrity of both sides. The PDP can define the network access policy independently, and can take assessment, isolation and remediation measures against the AR. When the environment of the network access requestor's endpoint machine does not meet the trust requirements of the access control security policy, it is granted partial network access rights to reach a separate network (which may be either physically separate or logically separate); this separate network gives such endpoints enough connectivity to download, install and update the components they need in order to pass the access control policy. Through these measures, the mobile terminal trusted network access technology can ensure that network resources are well protected.
Description of drawings
Fig. 1 is a schematic block diagram of the structure of the mobile terminal trusted network access system;
Fig. 2 is a flow chart of the mobile terminal trusted network access method.
Embodiment
The mobile terminal trusted network access technology of the invention is described in detail below with reference to the drawings.
As shown in Fig. 1, the mobile terminal trusted network access system comprises the mobile terminal requesting access, the access control server and the access policy server.
1. The mobile terminal that sends the access request (AR, Access Requestor) is connected to the PEP wirelessly. It is usually equipped with a common network access client to support general network access methods such as 802.1x. Deployed on the AR are an integrity measurement collector (IMC; Integrity Measurement Collector Interface), a trusted network connect client (TNCC, Trusted Network Connect Client) and a network access requestor (NAR, Network Access Requestor).
2. The network access device (PEP, Policy Enforcement Point), for example an AP or a VPN gateway, needs to support common access methods such as 802.1x and VPN. Deployed on the PEP is the network access policy enforcement component (NAE, Network Access Enforcer).
3. The access policy server (PDP, Policy Decision Point) is used to decide whether to allow the AR to access; the PDP is usually a RADIUS or Diameter server. Deployed on the PDP are an integrity measurement verifier (IMV; Integrity Measurement Verifiers), a trusted network connect server (TNCS, Trusted Network Connect Server) and a network access authorization server (NAA, Network Access Authority).
The mobile terminal trusted network access technology is logically divided into three layers (from top to bottom):
First layer: the integrity collection/verification layer. The IMC and the IMV work at this layer. The IMC running on the mobile terminal collects the mobile terminal's integrity values by reading the mobile terminal's configuration files, scanning executable files, and similar means, and submits them to the IMV for verification. The integrity measurement verifier IMV collects the access policy server's integrity values by reading the access policy server's configuration files and scanning executable files, and submits them to the IMC for verification.
Second layer: the integrity assessment layer. The TNCC and the TNCS work at this layer. The TNCC is responsible for initializing and loading the IMC; for verifying the TNCS's platform identity and integrity state by comparing whether the TNCS's system integrity values are the same as the values expected in its own security policy; for managing the connection with the TNCS; and for receiving the mobile terminal integrity measurement values sent by the IMC and forwarding them to the TNCS. The TNCS holds the network access policy (such as "allow access", "allow access to part of the network resources", "refuse access and isolate the mobile terminal"), verifies the AR's platform identity and platform integrity state, verifies the AR's integrity measurement values, assesses whether the AR's operating state satisfies the network access policy, and gives the TNCS recommendation.
Third layer: the network access layer. The NAR, the NAE and the NAA work at this layer. The NAE is responsible for communicating with the NAA and for forwarding access messages to the NAA; the NAA receives the TNCS recommendation and sends it to the NAE for enforcement.
As shown in Fig. 2, the mobile terminal trusted network access method is carried out as follows:
1. Mobile access client and server initialization:
The TNCC loads the IMC and checks the integrity of the IMC (to prevent loading an IMC that has been forged or tampered with by malware, and to guarantee the trustworthiness of the IMC); the TNCS loads the IMV and checks the integrity of the IMV (to prevent loading an IMV that has been forged or tampered with by malware, and to guarantee the trustworthiness of the IMV). The IMC and the IMV each take the form of a dynamic link library (such as a dll file, so file or jar file). After the integrity check succeeds, the system is ready and an access request can be initiated.
2. The NAR of the AR sends a network access request message to the PEP:
The format of the network access request message is as follows:
Wherein Username is the user name, a string terminated by 0, which identifies the user currently requesting network access. Password is the user password, likewise a string terminated by 0. IDNum is the number of attribute IDs, and AttID is an attribute ID, indicating an attribute for which the requesting platform can provide an integrity report.
Communication between the mobile access client and the server is implemented by calling the web service provided by the server side. The web service is defined as follows:
The TNCC calls this web service to exchange messages with the TNCS. Connection is the unique identifier of the current access; term_address is the IP of the accessing mobile terminal; tnc_message_in is the trusted network access message to be sent; and tnc_message_out is the trusted network access message received.
3. After the PEP receives the network request message sent by the NAR, the PEP sends a network access decision request to the NAA. After the NAA receives the network access decision request from the PEP, it verifies the identity of the AR; if user authentication fails, it directly requires the PEP to refuse the AR's network connection request.
4. Platform authentication and platform integrity state verification are completed between the TNCC and the TNCS, which respectively notify the IMC and the IMV that a new network connection request has begun.
5. The TNCS sends the IMC's information to the IMV; the IMV verifies the integrity of the IMC and exchanges messages with the IMC through the TNCS. The TNCC passes the messages sent by the TNCS to the appropriate IMC; the IMC verifies the integrity of the IMV, exchanges messages with the IMV through the TNCC, and then sends the mobile terminal AR system integrity information collected by the IMC to the IMV. The messages exchanged between the two sides comprise: the specific request sent by the IMV to the IMC to collect the mobile terminal's system integrity (for example, a request to collect the mobile terminal's operating system version and patch information); the series of integrity values of the mobile terminal (such as operating system version and patch information) that the IMC collected according to that request and returns to the IMV; the specific request sent by the IMC to the IMV to collect the access policy server's system integrity; and the series of integrity values of the access policy server that the IMV collected according to that request and returns to the IMC. When the IMV decides on an IMV action recommendation (such as "allow access", "allow access to part of the network resources", "refuse access and isolate the mobile terminal"), the IMV passes the message to the TNCS; the TNCS forms the TNCS access recommendation from the IMV action recommendation and its own security policy, and carries out the TNCS access recommendation, which completes the access process.
The data structure of the mobile terminal system integrity attribute ID comprises the integrity attribute Id, the integrity attribute length and the integrity attribute value; its format is as follows:
Wherein the value of the 32-bit id identifies an integrity attribute to be collected, length is the length of the collected integrity value, and value is the collected integrity value.
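The request message of step 2 and the attribute structure described above can be encoded and parsed as shown below. This is an added example, not code from the patent, and the exact layout is an assumption because the format figures did not survive on this page: network byte order, a 32-bit IDNum, a 32-bit length field, UTF-8 strings, the size caps and the sample attribute IDs 1 and 2 are all chosen for illustration.

```python
import struct

MAX_ATTRS = 64          # assumed cap on IDNum, not from the patent
MAX_VALUE_LEN = 4096    # assumed cap on one attribute value, not from the patent


class MalformedMessage(ValueError):
    """The buffer does not match the assumed layout."""


def _read_cstring(buf, offset):
    """Read one 0-terminated string; return (text, offset after the terminator)."""
    end = buf.find(b"\x00", offset)
    if end == -1:
        raise MalformedMessage("string is not 0-terminated")
    try:
        return buf[offset:end].decode("utf-8"), end + 1
    except UnicodeDecodeError as exc:
        raise MalformedMessage("string is not valid UTF-8") from exc


def encode_access_request(username, password, att_ids):
    """Username\\0 Password\\0 IDNum AttID[IDNum] (assumed field order and widths)."""
    for field in (username, password):
        if "\x00" in field:
            raise ValueError("an embedded 0 byte would truncate the field")
    head = username.encode("utf-8") + b"\x00" + password.encode("utf-8") + b"\x00"
    return head + struct.pack(f"!I{len(att_ids)}I", len(att_ids), *att_ids)


def decode_access_request(buf):
    username, off = _read_cstring(buf, 0)
    password, off = _read_cstring(buf, off)
    if len(buf) - off < 4:
        raise MalformedMessage("IDNum is missing")
    (id_num,) = struct.unpack_from("!I", buf, off)
    off += 4
    # Check the declared count against a cap and against the bytes really
    # present before using it, so a forged IDNum cannot drive the parser.
    if id_num > MAX_ATTRS:
        raise MalformedMessage("IDNum exceeds the cap")
    if len(buf) - off != 4 * id_num:
        raise MalformedMessage("IDNum does not match the AttID bytes present")
    att_ids = list(struct.unpack_from(f"!{id_num}I", buf, off))
    return {"username": username, "password": password, "att_ids": att_ids}


def encode_attribute(att_id, value):
    """One integrity attribute: 32-bit id, 32-bit length (assumed), value bytes."""
    return struct.pack("!II", att_id, len(value)) + value


def decode_attributes(buf):
    """Parse a run of id/length/value records into {id: value}."""
    attrs, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise MalformedMessage("truncated attribute header")
        att_id, length = struct.unpack_from("!II", buf, off)
        off += 8
        if length > MAX_VALUE_LEN or length > len(buf) - off:
            raise MalformedMessage("attribute length overruns the buffer")
        if att_id in attrs:
            raise MalformedMessage("duplicate attribute id")
        attrs[att_id] = buf[off:off + length]
        off += length
    return attrs


if __name__ == "__main__":
    # Constructed sample: ids 1 (OS version) and 2 (patch level) are hypothetical.
    request = encode_access_request("alice", "s3cret", [1, 2])
    print(decode_access_request(request))
    report = encode_attribute(1, b"4.0.4") + encode_attribute(2, b"\x00\x0c")
    print(decode_attributes(report))
```

Because the request carries the user password as a plain string, the channel between the NAR and the PEP has to provide confidentiality; the parser only guards against malformed or oversized fields.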
6. The TNCS makes the TNCS recommendation according to the IMV recommendation and notifies the NAA of it. According to the TNCS recommendation, the NAA decides to allow, refuse or partially grant network access rights to the AR, and notifies the PEP of the final decision. The NAA communicates by calling the WebService provided by the PEP; the WebService is defined as follows:
Wherein term_address is the IP of the accessing terminal, and allowed is the list of IPs and ports to which access is permitted.
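The decision path of steps 3 to 6 (user check, two-way integrity evaluation, IMV recommendation, TNCS recommendation, and the term_address/allowed order sent to the PEP) is modelled below. This is an added example, not code from the patent: the policy thresholds, addresses, the `tncs_floor` parameter standing in for the TNCS's own security policy, and the rule that the terminal stops when it does not trust the server are assumptions.

```python
from enum import IntEnum


class Action(IntEnum):
    """The three recommendations named in the text; higher is more restrictive."""
    ALLOW = 0
    ALLOW_PARTIAL = 1
    DENY_ISOLATE = 2


# Constructed policy, expected values and addresses (assumptions, not from the patent).
PDP_POLICY = {"min_os_version": (4, 0), "min_patch_level": 12}
TERMINAL_EXPECTS = {"os_version": (6, 2), "patch_level": 30}
GOOD_SERVER = {"os_version": (6, 2), "patch_level": 30}
FULL_ACCESS = [("10.0.1.20", 443), ("10.0.1.30", 22)]
REMEDIATION_ONLY = [("10.0.99.10", 443)]   # isolated network for updates


def imv_recommend(terminal_values, policy=PDP_POLICY):
    """IMV side: judge the integrity values the IMC collected on the terminal."""
    required = ("os_version", "patch_level", "malware_found")
    if any(key not in terminal_values for key in required):
        return Action.DENY_ISOLATE          # an unmeasured property is untrusted
    if terminal_values["malware_found"]:
        return Action.DENY_ISOLATE
    outdated = (tuple(terminal_values["os_version"]) < policy["min_os_version"]
                or terminal_values["patch_level"] < policy["min_patch_level"])
    return Action.ALLOW_PARTIAL if outdated else Action.ALLOW


def imc_trusts_server(server_values, expected=TERMINAL_EXPECTS):
    """Terminal side: compare the server's values with the expected ones."""
    return all(server_values.get(key) == value for key, value in expected.items())


def tncs_recommend(imv_actions, tncs_floor=Action.ALLOW):
    """Combine IMV recommendations with the TNCS's own policy.

    The most restrictive IMV recommendation wins; tncs_floor (hypothetical)
    lets the TNCS policy tighten the result but never loosen it.
    """
    if not imv_actions:
        return Action.DENY_ISOLATE
    return max(max(imv_actions), tncs_floor)


def naa_order(term_address, action):
    """Build the term_address/allowed pair the NAA hands to the PEP."""
    allowed = {Action.ALLOW: FULL_ACCESS,
               Action.ALLOW_PARTIAL: REMEDIATION_ONLY,
               Action.DENY_ISOLATE: []}[action]
    return {"term_address": term_address, "allowed": list(allowed)}


def run_access(term_address, user_ok, terminal_values, server_values,
               tncs_floor=Action.ALLOW):
    """Walk steps 3 to 6 for one access attempt."""
    if not user_ok:
        # Step 3: failed user authentication is refused before any platform
        # check; modelled here as the same empty allowed list as a denial.
        action = Action.DENY_ISOLATE
        return {"terminal_proceeds": True, "action": action,
                "pep_order": naa_order(term_address, action)}
    if not imc_trusts_server(server_values):
        # Assumption: a terminal that does not trust the server stops here.
        return {"terminal_proceeds": False, "action": None, "pep_order": None}
    action = tncs_recommend([imv_recommend(terminal_values)], tncs_floor)
    return {"terminal_proceeds": True, "action": action,
            "pep_order": naa_order(term_address, action)}


if __name__ == "__main__":
    healthy = {"os_version": (4, 0, 4), "patch_level": 15, "malware_found": False}
    for label, values in (("healthy", healthy),
                          ("stale", dict(healthy, patch_level=3)),
                          ("infected", dict(healthy, malware_found=True))):
        print(label, run_access("192.0.2.10", True, values, GOOD_SERVER))
```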
Although specific embodiments and drawings of the invention have been disclosed for purposes of illustration, their aim is to help in understanding the content of the invention and implementing it accordingly; those skilled in the art will appreciate that various substitutions, changes and modifications are possible without departing from the spirit and scope of the invention and the appended claims. Therefore, the invention should not be limited to the content disclosed in the preferred embodiment and the drawings, and the scope of protection claimed by the invention is defined by the claims.
Claims (9)
1. A mobile terminal trusted network access method, the steps of which are:
1) The mobile terminal loads the integrity measurement collector IMC and checks its integrity, and the access policy server loads the integrity measurement verifier IMV and checks its integrity;
2) The mobile terminal sends a network access request to the access control server;
3) After receiving the network access request, the access control server sends a network access decision request to the access policy server;
4) After receiving the decision request, the access policy server verifies the identity of the mobile terminal user;
5) After the mobile terminal user passes identity authentication, platform authentication between the access policy server and the mobile terminal begins;
6) The mobile terminal and the access policy server send messages to each other, verify each other's system integrity, and establish the platform trust relationship between the mobile terminal and the access policy server;
7) According to the platform trust relationship, the access policy server sends the access control server a recommendation on whether to allow access, and according to this recommendation the access control server allows, refuses or partially grants network access rights to the mobile terminal.
2. The method of claim 1, characterized in that the method by which the mobile terminal and the access policy server verify each other's system integrity is:
1) The integrity measurement verifier IMV on the access policy server sends the integrity measurement collector IMC on the mobile terminal a request message to collect the mobile terminal's system integrity;
2) The integrity measurement collector IMC returns the collected integrity values of the mobile terminal to the integrity measurement verifier IMV;
3) The integrity measurement collector IMC sends the integrity measurement verifier IMV on the access policy server a request message to collect the access policy server's system integrity;
4) The integrity measurement verifier IMV returns the collected integrity values of the access policy server to the integrity measurement collector IMC;
5) According to the integrity values returned by the integrity measurement collector IMC, the integrity measurement verifier IMV verifies the system integrity of the mobile terminal and makes a recommendation on whether to allow the mobile terminal to access; according to the system integrity values returned by the integrity measurement verifier IMV, the integrity measurement collector IMC determines whether the access policy server can be trusted.
3. The method of claim 2, characterized in that the request message covers the operating system version, whether malware is present, and patch information.
4. The method of claim 2, characterized in that the integrity measurement collector IMC collects the integrity values of the mobile terminal by reading the mobile terminal's configuration files and scanning executable files; and the integrity measurement verifier IMV collects the integrity values of the access policy server by reading the access policy server's configuration files and scanning executable files.
5. The method of claim 2, characterized in that the mobile terminal verifies the identity and integrity state of the access policy server by comparing whether the system integrity values of the access policy server are the same as the values expected in the mobile terminal's own security policy.
6. The method of claim 1, characterized in that the network access request message comprises: user name, user password, attribute ID, and number of attribute IDs; and the data structure of the attribute ID comprises: integrity attribute Id, integrity attribute length, and integrity attribute value.
7. A mobile terminal trusted network access system, characterized in that it comprises a mobile terminal AR, an access control server PEP and an access policy server PDP interconnected by a network;
The mobile terminal comprises an integrity measurement collector, a trusted network connect client and a network access requestor; the trusted network connect client is used to receive the integrity values sent by the integrity measurement collector and to send them to the access policy server for verification; the network access requestor is used to send the access request to the access control server;
The access control server is used to handle the network access request of the mobile terminal according to the judgment of the access policy server;
The access policy server comprises an integrity measurement verifier, a trusted network connect server and a network access authorization module; the integrity measurement verifier verifies the integrity values of the mobile terminal; the trusted network connect server sets the network access policy, verifies the platform identity and platform integrity state of the mobile terminal, and gives the network access recommendation; the network access authorization module receives the recommendation sent by the trusted network connect server and passes it to the access control server.
8. The system of claim 7, characterized in that the network access request message comprises: user name, user password, attribute ID, and number of attribute IDs.
9. The system of claim 8, characterized in that the data structure of the attribute ID comprises: integrity attribute Id, integrity attribute length, and integrity attribute value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210222083XA CN102740296A (en) | 2012-06-28 | 2012-06-28 | Trusted network access method and system for mobile terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102740296A true CN102740296A (en) | 2012-10-17 |
Family
ID=46994897
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210222083XA Pending CN102740296A (en) | 2012-06-28 | 2012-06-28 | Trusted network access method and system for mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102740296A (en) |
WO2019085531A1 (en) * | 2017-10-31 | 2019-05-09 | 华为技术有限公司 | Method and device for network connection authentication |
US11432150B2 (en) | 2017-10-31 | 2022-08-30 | Huawei Technologies Co., Ltd. | Method and apparatus for authenticating network access of terminal |
CN115150833A (en) * | 2022-09-05 | 2022-10-04 | 北京珞安科技有限责任公司 | Network access control system and method |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN102740296A (en) | Trusted network access method and system for mobile terminal | |
CN102047262B (en) | Authentication for distributed secure content management system | |
EP2180632B1 (en) | A method for trusted network connect based on tri-element peer authentication | |
EP2574098B1 (en) | Managing mobile device applications in a wireless network | |
EP2574090B1 (en) | Managing mobile device applications | |
EP1782265B1 (en) | System and method for secure network connectivity | |
RU2437228C2 (en) | System of trustworthy network connection for safety improvement | |
CN104202338B (en) | A kind of safety access method being applicable to enterprise-level Mobile solution | |
US8359464B2 (en) | Quarantine method and system | |
KR100835820B1 (en) | Total internet security system and method the same | |
US7805512B2 (en) | Remote configuration, provisioning and/or updating in a layer two authentication network | |
US20050132229A1 (en) | Virtual private network based on root-trust module computing platforms | |
JP2019526993A (en) | Network function virtualization system and verification method | |
EP2421215B1 (en) | Method for establishing trusted network connect framework of tri-element peer authentication | |
CN114143034A (en) | Network access security detection method and device | |
CN114553540B (en) | Zero trust-based Internet of things system, data access method, device and medium | |
JPWO2009087702A1 (en) | Virtual machine execution program, user authentication program, and information processing apparatus | |
EP3042487B1 (en) | Secured mobile communications device | |
CN106059802B (en) | Terminal access authentication method and device | |
US9021253B2 (en) | Quarantine method and system | |
CN115150208A (en) | Zero-trust-based Internet of things terminal secure access method and system | |
CN104104745B (en) | A kind of electric network terminal safety permission method | |
CN103780395B (en) | Network insertion proves the method and system of two-way measurement | |
CN112016073A (en) | Method for constructing server zero trust connection architecture | |
CN114915427B (en) | Access control method, device, equipment and storage medium |
Legal Events
Code | Title | Description | Date |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20121017 |