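CN102823219B - Method of securing access to data or services that are accessible via a device implementing the method and corresponding device - Google Patents

Method of securing access to data or services that are accessible via a device implementing the method and corresponding device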

Publication number
CN102823219B
Authority
CN
China
Prior art keywords
source
request
identifier
session
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201180015324.7A
Other languages
English (en)
Chinese (zh)
Other versions
CN102823219A (zh)
Inventor
D.费伊汤斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
InterDigital CE Patent Holdings SAS
Original Assignee
Thomson Licensing SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing SAS
Publication of CN102823219A
Application granted
Publication of CN102823219B
Legal status: Expired - Fee Related (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/142 Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0254 Stateful filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
CN201180015324.7A 2010-03-22 2011-03-21 Method of securing access to data or services that are accessible via a device implementing the method and corresponding device Expired - Fee Related CN102823219B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP10447009.1 2010-03-22
EP10447009A EP2369808A1 (en) 2010-03-22 2010-03-22 Method of securing access to data or a service that is accessible via a device implementing the method and corresponding device
PCT/EP2011/054270 WO2011117205A1 (en) 2010-03-22 2011-03-21 Method of securing access to data or services that are accessible via a device implementing the method and corresponding device

Publications (2)

Publication Number Publication Date
CN102823219A (zh) 2012-12-12
CN102823219B (zh) 2015-11-25

Family

ID=43012636

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201180015324.7A Expired - Fee Related CN102823219B (zh) 2010-03-22 2011-03-21 Method of securing access to data or services that are accessible via a device implementing the method and corresponding device

Country Status (7)

Country Link
US (1) US9531717B2
EP (2) EP2369808A1
JP (1) JP5869552B2
KR (1) KR20130018703A
CN (1) CN102823219B
BR (1) BR112012023977A2
WO (1) WO2011117205A1

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571776A (zh) * 2011-12-28 2012-07-11 ZTE Corporation Access control method and apparatus for Digital Living Network Alliance devices
US9537716B1 (en) * 2012-06-18 2017-01-03 Crimson Corporation Establishing a direct connection between remote devices
US9009546B2 (en) * 2012-09-27 2015-04-14 International Business Machines Heuristic failure prevention in software as a service (SAAS) systems
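CN102938717B (zh) * 2012-10-11 2018-01-30 ZTE Corporation Method, device and system for playback control of a DLNA device
KR20140052703A (ko) * 2012-10-25 2014-05-07 Samsung Electronics Co., Ltd. Method and apparatus for accelerating web service using a proxy server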
US9590817B2 (en) * 2014-04-01 2017-03-07 Belkin International Inc. Logical network generation using primary gateway credentials
SE541314C2 (en) * 2017-10-31 2019-06-25 Telia Co Ab Methods and apparatuses for routing data packets in a network topology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0909074A1 (en) * 1997-09-12 1999-04-14 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with multiple domain support
US6073178A (en) * 1996-12-09 2000-06-06 Sun Microsystems, Inc. Method and apparatus for assignment of IP addresses
US6141758A (en) * 1997-07-14 2000-10-31 International Business Machines Corporation Method and system for maintaining client server security associations in a distributed computing system
US20050015601A1 (en) * 2003-07-17 2005-01-20 International Business Machines Corporation Methods, systems, and media to authenticate a user
US20090055912A1 (en) * 2007-08-21 2009-02-26 Nhn Corporation User authentication system using ip address and method thereof

Family Cites Families (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2422268C (en) 1998-08-06 2004-12-14 Cryptek, Inc. Multi-level security network system
US7174018B1 (en) 1999-06-24 2007-02-06 Nortel Networks Limited Security framework for an IP mobility system using variable-based security associations and broker redirection
JP2002176432A (ja) * 2000-12-05 2002-06-21 Sony Corp Communication relay device, communication relay method, communication terminal device, and program storage medium
GB2367986B (en) 2001-03-16 2002-10-09 Ericsson Telefon Ab L M Address mechanisms in internet protocol
JP4759823B2 (ja) * 2001-03-19 2011-08-31 Sony Corporation Network system, terminal device, server, communication method, program and recording medium
US7769845B2 (en) * 2001-05-04 2010-08-03 Whale Communications Ltd Method and system for terminating an authentication session upon user sign-off
US8346951B2 (en) * 2002-03-05 2013-01-01 Blackridge Technology Holdings, Inc. Method for first packet authentication
CA2406565A1 (en) 2002-10-04 2004-04-04 Ibm Canada Limited-Ibm Canada Limitee Method and apparatus for using business rules or user roles for selecting portlets in a web portal
WO2004071015A1 (ja) * 2003-02-07 2004-08-19 Fujitsu Limited Session management program, session management method and session management device
US20050162424A1 (en) 2003-02-07 2005-07-28 Yuko Imai Computer product, session management method, and session management apparatus
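JP3914193B2 (ja) * 2003-09-08 2007-05-16 Nomura Research Institute, Ltd. Method for performing encrypted communication after obtaining authentication, authentication system and method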
US20050076369A1 (en) * 2003-10-06 2005-04-07 Zhijun Cai Method and apparatus for assigning temporary mobile group identity in a multimedia broadcast/multicast service
US7269146B2 (en) * 2003-10-20 2007-09-11 Motorola Inc. Method and apparatus for interchanging and processing mobile radio subsystem control information
US8578462B2 (en) 2003-12-12 2013-11-05 Avaya Inc. Method and system for secure session management in a web farm
JP4063220B2 (ja) * 2004-01-14 2008-03-19 NEC Corporation Computer system, server computer, application update method for computer system, and program
JP2005318121A (ja) * 2004-04-27 2005-11-10 Ntt Docomo Inc Session management device
JP4873898B2 (ja) * 2004-08-02 2012-02-08 Ricoh Co., Ltd. Web authentication method and web authentication server
JP4704000B2 (ja) * 2004-09-30 2011-06-15 FeliCa Networks, Inc. Communication system and communication method
US7492764B2 (en) * 2004-10-12 2009-02-17 Innomedia Pte Ltd System for management of equipment deployed behind firewalls
JP4527491B2 (ja) * 2004-10-19 2010-08-18 NTT Communications Corporation Content providing system
JP2006217096A (ja) 2005-02-02 2006-08-17 Nec Corp Mobility management system, mobility management server, mobility management method used therein, and program therefor
US20090151006A1 (en) * 2005-08-31 2009-06-11 Sony Corporation Group registration device, group registration release device, group registration method, license acquisition device, license acquisition method, time setting device, and time setting method
JP4760233B2 (ja) * 2005-08-31 2011-08-31 Sony Corporation Group registration device, group registration method, group registration release device, and group registration release method
US20070162968A1 (en) * 2005-12-30 2007-07-12 Andrew Ferreira Rule-based network address translation
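JP4823717B2 (ja) * 2006-02-28 2011-11-24 Hitachi, Ltd. Encrypted communication system, terminal state management server, encrypted communication method, and terminal state management method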
US7930734B2 (en) 2006-04-28 2011-04-19 Cisco Technology, Inc. Method and system for creating and tracking network sessions
JP2008046875A (ja) * 2006-08-16 2008-02-28 Nec Corp Communication filtering system and method
US8108677B2 (en) 2006-10-19 2012-01-31 Alcatel Lucent Method and apparatus for authentication of session packets for resource and admission control functions (RACF)
US8286225B2 (en) * 2009-08-07 2012-10-09 Palo Alto Research Center Incorporated Method and apparatus for detecting cyber threats

Also Published As

Publication number Publication date
EP2550784B1 (en) 2014-12-31
CN102823219A (zh) 2012-12-12
EP2550784A1 (en) 2013-01-30
US9531717B2 (en) 2016-12-27
JP5869552B2 (ja) 2016-02-24
JP2013522786A (ja) 2013-06-13
BR112012023977A2 (pt) 2016-08-02
EP2369808A1 (en) 2011-09-28
KR20130018703A (ko) 2013-02-25
US20130198825A1 (en) 2013-08-01
WO2011117205A1 (en) 2011-09-29

Similar Documents

Publication Publication Date Title
US20240121211A1 (en) Systems and methods for continuous fingerprinting to detect session hijacking inside zero trust private networks
US11652792B2 (en) Endpoint security domain name server agent
US10298610B2 (en) Efficient and secure user credential store for credentials enforcement using a firewall
US10425387B2 (en) Credentials enforcement using a firewall
US8418241B2 (en) Method and system for traffic engineering in secured networks
US9210126B2 (en) Method for secure single-packet authorization within cloud computing networks
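CN101248613B (zh) Trusted device admission scheme for secure communication networks, in particular secure IP telephony networks
CN102823219B (zh) Method of securing access to data or services that are accessible via a device implementing the method and corresponding device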
US20160359807A1 (en) Destination domain extraction for secure protocols
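JP2005503047A (ja) Apparatus and method for providing a secure network
CN114995214A (zh) Method, system, apparatus, device and storage medium for remotely accessing an application
WO2023279782A1 (zh) Access control method, access control system and related device
CN115603932A (zh) Access control method, access control system and related device
JP5864598B2 (ja) Method and system for providing service access to a user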
US20150249639A1 (en) Method and devices for registering a client to a server
US11736516B2 (en) SSL/TLS spoofing using tags
Samyuel et al. Securing IoT device communication against network flow attacks with Recursive Internetworking Architecture (RINA)
JP2017201774A (ja) Communication device, communication method, and program
Gao et al. Security tests and attack experimentations of ProtoGENI
US10079857B2 (en) Method of slowing down a communication in a network
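CN116684113A (zh) Service processing method based on software-defined perimeter (SDP) and related apparatus
KR102877872B1 (ko) Dedicated address-mutation and port-mutation gateway device for preventing server address exposure, system including the same, and method thereof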
Young Detecting Wireless Security Threats Through IEEE 802.11 Frame Field Anomalies
EP3720081A1 (en) System and method for processing a software application on a port
Cui Cross-validation based man-in-the-middle attack protection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20190529

Address after: Paris France

Patentee after: Interactive Digital CE Patent Holding Company

Address before: I Si Eli Murli Nor, France

Patentee before: Thomson Licensing Corp.
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20151125

Termination date: 20210321