CN105991576B - A kind of delivery method and equipment of security strategy - Google Patents
A kind of delivery method and equipment of security strategy Download PDFInfo
- Publication number
- CN105991576B CN105991576B CN201510070410.8A CN201510070410A CN105991576B CN 105991576 B CN105991576 B CN 105991576B CN 201510070410 A CN201510070410 A CN 201510070410A CN 105991576 B CN105991576 B CN 105991576B
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- terminal device
- certificate server
- facility information
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of delivery method of security strategy and equipment, this method comprises: the certificate server of roaming place obtains the corresponding facility information of mobile terminal device, and the corresponding facility information of the mobile terminal device are added in request message;Request message is sent to the certificate server of ownership place by the certificate server of the roaming place, and the certificate server of ownership place determines the security strategy of the mobile terminal device using the facility information;The certificate server of the roaming place receives the response message of the certificate server from the ownership place;Wherein, the security strategy of the mobile terminal device is carried in the response message;The security strategy of the mobile terminal device is handed down to access device by the certificate server of the roaming place, carries out access control to the mobile terminal device using the security strategy by the access device.It, can be to avoid the security risk of enterprise network and data in the embodiment of the present invention.
Description
Technical field
The present invention relates to field of communication technology more particularly to the delivery methods and equipment of a kind of security strategy.
Background technique
Currently, mobile terminal device (such as smart phone, tablet computer) is more and more, business communicative channel is increased,
The mobile terminal device of oneself can be brought into work by employee, and (Bring Your Own Device, carries oneself to BYOD
Equipment office) becoming a kind of trend.Due to employee mobile terminal device usually can not according to enterprise security specification into
Row strict control, therefore, in employee using mobile terminal device access enterprise networks network and enterprise in application, the network sum number of enterprise
According to being faced with security threat.Therefore, enterprise needs to formulate security strategy to control these mobile terminal devices, to ensure enterprise network
The safety of network and data.In order to which corresponding security strategy is arranged to mobile terminal device, need to obtain setting for mobile terminal device
Standby information, and corresponding security strategy is set using the facility information of mobile terminal device, and in mobile terminal device access,
Utilize the access procedure of security strategy control mobile terminal device.
Since there is mobile terminal device mobility to only have if mobile terminal device is authenticated to roaming place
The certificate server of roaming place can obtain the facility information of mobile terminal device, and the certificate server of ownership place can not obtain
The facility information of mobile terminal device, therefore, the certificate server of ownership place mobile terminal device can not be arranged corresponding peace
Full strategy, to bring some potential safety problems.
Summary of the invention
The embodiment of the present invention provides a kind of delivery method of security strategy, the described method comprises the following steps:
The certificate server of roaming place obtains the corresponding facility information of mobile terminal device, and in asking from access device
It asks and adds the corresponding facility information of the mobile terminal device in message;
Request message is sent to the certificate server of ownership place by the certificate server of the roaming place, by recognizing for ownership place
Facility information described in card server by utilizing determines the security strategy of the mobile terminal device;
The certificate server of the roaming place receives the response message of the certificate server from the ownership place;Wherein,
The security strategy of the mobile terminal device is carried in the response message;
The security strategy of the mobile terminal device is handed down to access device by the certificate server of the roaming place, by institute
It states access device and access control is carried out to the mobile terminal device using the security strategy.
The certificate server of the roaming place obtains the process of the corresponding facility information of mobile terminal device, specifically includes:
The certificate server of the roaming place receives the finger print information from dynamic host configuration protocol DHCP server, and from the finger
The corresponding facility information of mobile terminal device is obtained in line information;Alternatively,
Finger print information of the certificate server reception from hypertext transfer protocol HTTP server of the roaming place, and from
The corresponding facility information of mobile terminal device is obtained in the finger print information.
The certificate server of the roaming place adds the corresponding facility information of the mobile terminal device in request message
Process, specifically include:
The certificate server of the roaming place adds in the request message acts on behalf of Proxy- state State attribute, and
The corresponding facility information of the mobile terminal device is added in the Proxy-State attribute.
The request message is specially authentication request packet, and the response message is specially authentication response message;Alternatively, institute
Stating request message is specially charging starting request message, and the response message is specially charging confirmation response message.
The corresponding facility information of the mobile terminal device specifically includes following one or any combination: it is described it is mobile eventually
The corresponding manufacturer's information of end equipment, type information, version number information, operation system information.
The embodiment of the present invention provides a kind of equipment that issues of security strategy, and the equipment that issues takes as the certification of roaming place
Business device, the certificate server of the roaming place specifically include:
Processing module, for obtaining the corresponding facility information of mobile terminal device, and in the request report from access device
The corresponding facility information of the mobile terminal device is added in text;
Sending module, for request message to be sent to the certificate server of ownership place, by the certificate server of ownership place
The security strategy of the mobile terminal device is determined using the facility information;
Receiving module, for receiving the response message of the certificate server from the ownership place;Wherein, the response report
The security strategy of the mobile terminal device is carried in text;
Module is issued, for the security strategy of the mobile terminal device to be handed down to access device, is set by the access
It is standby that access control is carried out to the mobile terminal device using the security strategy.
The processing module is specifically used for receiving and during acquisition mobile terminal device corresponding facility information
From the finger print information of dynamic host configuration protocol Dynamic Host Configuration Protocol server, and mobile terminal device is obtained from the finger print information and is corresponded to
Facility information;Alternatively, receiving the finger print information from hypertext transfer protocol HTTP server, and from the finger print information
Obtain the corresponding facility information of mobile terminal device.
The processing module, specifically for adding the corresponding facility information of the mobile terminal device in request message
In the process, Proxy- state State attribute is acted on behalf of in addition in the request message, and in the Proxy-State attribute
Add the corresponding facility information of the mobile terminal device.
The request message is authentication request packet, and the response message is authentication response message;Alternatively, the request report
Text is charging starting request message, and the response message is that charging confirms response message.
The corresponding facility information of the mobile terminal device specifically includes following one or any combination: it is described it is mobile eventually
The corresponding manufacturer's information of end equipment, type information, version number information, operation system information.
Based on the above-mentioned technical proposal, in the embodiment of the present invention, the certificate server of roaming place can be by mobile terminal device
Corresponding facility information is notified to the certificate server of ownership place, utilizes mobile terminal device pair by the certificate server of ownership place
The facility information answered determines the security strategy of mobile terminal device, and is finally handed down to the security strategy of mobile terminal device and connects
Enter equipment, so that access device, which can use the security strategy, carries out access control to mobile terminal device, avoids enterprise
The security risk of network and data.
Detailed description of the invention
Fig. 1 is the application scenarios schematic diagram proposed in the embodiment of the present invention;
Fig. 2 is a kind of delivery method flow diagram of security strategy provided in an embodiment of the present invention;
Fig. 3 is a kind of structural schematic diagram of the certificate server of roaming place provided in an embodiment of the present invention.
Specific embodiment
Aiming at the problems existing in the prior art, the embodiment of the present invention provides a kind of delivery method of security strategy, with Fig. 1
For the application scenarios schematic diagram of the embodiment of the present invention, if mobile terminal device (such as smart phone, tablet computer) needs to exist
When network is accessed in roaming place, this method is applied to the access device (such as NAS (Network including mobile terminal device, roaming place
Access Server, network access server), NAS is to support RADIUS (Remote Authentication Dial In
User Service, remote customer dialing authentication system) agreement interchanger, router etc.), the certificate server of roaming place
In the network of the certificate server of (such as radius server), ownership place.Further, the certificate server of roaming place is
Proxy server in radius protocol, and the certificate server of ownership place is the destination server of agency.
Under above-mentioned application scenarios, as shown in Fig. 2, the delivery method of the security strategy the following steps are included:
Step 201, the certificate server of roaming place obtains the corresponding facility information of mobile terminal device, and from access
The corresponding facility information of the mobile terminal device is added in the request message of equipment.Wherein, the mobile terminal device is corresponding sets
Standby information is specifically including but not limited to following one or any combination: the corresponding manufacturer's information of mobile terminal device, type letter
Breath, version number information, operation system information.
In the embodiment of the present invention, the certificate server of roaming place obtains the mistake of the corresponding facility information of mobile terminal device
Journey is specifically including but not limited to such as under type: the certificate server of roaming place, which receives, comes from DHCP (Dynamic Host
Configuration Protocol, dynamic host configuration protocol) server finger print information, and obtained from the finger print information
The corresponding facility information of mobile terminal device.Alternatively, the certificate server of roaming place, which receives, comes from HTTP (Hyper Text
Transfer Protocol, hypertext transfer protocol) server finger print information, and obtain from the finger print information it is mobile eventually
The corresponding facility information of end equipment.
During mobile terminal device application IP address, mobile terminal device can send DHCP to Dynamic Host Configuration Protocol server and ask
Seek message.Access device sends out the DHCP request message after receiving the DHCP request message from mobile terminal device
Give Dynamic Host Configuration Protocol server.Further, Dynamic Host Configuration Protocol server can obtain finger print information from DHCP request message, and by the fingerprint
Information is sent to the certificate server of roaming place, obtains mobile terminal from the finger print information by the certificate server of roaming place and sets
Standby corresponding facility information.Wherein, DHCP option is carried in DHCP request message, which is also known as finger print information,
And the DHCP option is the set comprising configuration parameter and other control information, the content in DHCP option can be used to
Identify the corresponding facility information of mobile terminal device.
During mobile terminal device accesses network, mobile terminal device can send HTTP request to HTTP server
Message.The HTTP request message is sent to by access device after receiving the HTTP request message from mobile terminal device
HTTP server.HTTP server can obtain finger print information from HTTP request message, and finger print information is sent to roaming
The certificate server on ground obtains the corresponding equipment of mobile terminal device by the certificate server of roaming place from the finger print information and believes
Breath.Wherein, User Agent (user agent) option is carried in HTTP request message, which is also known as,
And the User Agent option is the set comprising configuration parameter and other control information, it is interior in User Agent option
Appearance can be used to identify the corresponding facility information of mobile terminal device.
In the embodiment of the present invention, when mobile terminal device is unauthenticated, access device can take to the certification of roaming place
Device of being engaged in sends the authentication request packet for being directed to the mobile terminal device, by the certificate server of roaming place by the authentication request packet
It is sent to the certificate server of ownership place.When mobile terminal device passes through certification, access device can take to the certification of roaming place
Be engaged in device send be directed to the mobile terminal device charging starting request message, by the certificate server of roaming place by the charging
Request message is sent to the certificate server of ownership place.Based on this, the above-mentioned request message from access device is specifically as follows
Authentication request packet (Access-Request message) or charging starting request message (Accounting-Request message).
For example, when being authenticated using Portal authentication mode to mobile terminal device, since mobile terminal device exists
Before certification, the DHCP request message of mobile terminal device can be sent to Dynamic Host Configuration Protocol server or will moved by access device
The HTTP request message of dynamic terminal device is sent to HTTP server.Therefore, the certificate server of roaming place can be mobile whole
End equipment obtains the corresponding facility information of mobile terminal device by certification before, and in the certification for being directed to the mobile terminal device
The corresponding facility information of the mobile terminal device is added in request message.When use 802.1X authentication mode is to mobile terminal device
When being authenticated, since mobile terminal device is before through certification, access device cannot be by the DHCP of mobile terminal device
Request message is sent to Dynamic Host Configuration Protocol server or the HTTP request message of mobile terminal device is sent to HTTP server, and
After mobile terminal device is by certification, the DHCP request message of mobile terminal device can be sent to DHCP clothes by access device
The HTTP request message of mobile terminal device is sent to HTTP server by business device.Therefore, the certificate server of roaming place
The corresponding facility information of mobile terminal device can be obtained after mobile terminal device is by certification, and whole for the movement
The corresponding facility information of the mobile terminal device is added in the charging starting request message of end equipment.
In the embodiment of the present invention, the certificate server of roaming place in request message, (open by such as authentication request packet or charging
Beginning request message) in the corresponding facility information of addition mobile terminal device process, be specifically including but not limited to such as under type: unrestrained
The certificate server on trip ground adds Proxy-State (agency-state) attribute in request message, and belongs in Proxy-State
Property in the corresponding facility information of addition mobile terminal device.
In the embodiment of the present invention, by the addition Proxy-State attribute after the existing attribute of request message, and
The corresponding facility information of mobile terminal device is added in Proxy-State attribute, since the content of Proxy-State attribute cannot
It is modified, therefore the forwarding server between the certificate server of roaming place and the certificate server of ownership place is receiving request report
Wen Shi will not modify to the content in Proxy-State attribute, and the corresponding facility information of mobile terminal device is led in guarantee
Know to the certificate server of ownership place.
Step 202, request message is sent to the certificate server of ownership place by the certificate server of roaming place.Wherein, should
The corresponding facility information of mobile terminal device is at least carried in request message.
Step 203, the certificate server of ownership place determines movement end using the corresponding facility information of mobile terminal device
The security strategy of end equipment, and taken the certification that the security strategy of the mobile terminal device returns to roaming place by response message
Business device.Wherein, when request message is authentication request packet, response message can be authentication response message (Access-
Response message);Alternatively, response message can be charging confirmation response when request message is charging starting request message
Message (Accounting-Response message).
In the embodiment of the present invention, it has been pre-configured between facility information and security strategy on the certificate server of ownership place
Corresponding relationship.Based on this, the certificate server of ownership place parses shifting after receiving request message from the request message
The dynamic corresponding facility information of terminal device.Further, the certificate server of ownership place is corresponding by the mobile terminal device
Corresponding relationship between facility information inquiry apparatus information and security strategy obtains the corresponding safe plan of the mobile terminal device
Slightly.As shown in table 1, the certificate server of ownership place has recorded corresponding between facility information and security strategy in the case where accessing scene
Relationship.Wherein, which is a kind of index information, can be arbitrarily arranged according to actual needs.
Table 1
| Access scene | Facility information (access conditions) | Security strategy (access strategy) |
| Access scenario A | Facility information A | Security strategy A |
| Access scenario B | Facility information B | Security strategy B |
For example, facility information A can be manufacturer's information A, type information A, version number information A, operation system information A, peace
Complete strategy A can be at the appointed time section, only to allow corresponding assigned vlan (Virtual Local Area Network, void
Quasi- local area network) mobile terminal device access specified resource.
Step 204, the certificate server of roaming place receives the response message of the certificate server from ownership place.Wherein,
The security strategy of mobile terminal device is at least carried in the response message.
Step 205, the security strategy of mobile terminal device is handed down to access device by the certificate server of roaming place, by connecing
The security strategy for entering equipment utilization mobile terminal device carries out access control to mobile terminal device.
Based on the above-mentioned technical proposal, in the embodiment of the present invention, the certificate server of roaming place can be by mobile terminal device
Corresponding facility information is notified to the certificate server of ownership place, utilizes mobile terminal device pair by the certificate server of ownership place
The facility information answered determines the security strategy of mobile terminal device, and is finally handed down to the security strategy of mobile terminal device and connects
Enter equipment, so that access device, which can use the security strategy, carries out access control to mobile terminal device, avoids enterprise
The security risk of network and data.
Based on inventive concept same as the above method, a kind of issuing for security strategy is additionally provided in the embodiment of the present invention
Equipment, it is described to issue certificate server of the equipment as roaming place, as shown in figure 3, the authentication service implement body of the roaming place
Include:
Processing module 11, for obtaining the corresponding facility information of mobile terminal device, and in the request from access device
The corresponding facility information of the mobile terminal device is added in message;
Sending module 12, for request message to be sent to the certificate server of ownership place, by the authentication service of ownership place
Device determines the security strategy of the mobile terminal device using the facility information;
Receiving module 13, for receiving the response message of the certificate server from the ownership place;Wherein, the response
The security strategy of the mobile terminal device is carried in message;
Module 14 is issued, for the security strategy of the mobile terminal device to be handed down to access device, by the access
Security strategy described in equipment utilization carries out access control to the mobile terminal device.
The processing module 11 is specifically used for receiving during acquisition mobile terminal device corresponding facility information
It is corresponding to obtain mobile terminal device from the finger print information for finger print information from dynamic host configuration protocol DHCP server
Facility information;Alternatively, receiving the finger print information from hypertext transfer protocol HTTP server, and from the finger print information
Obtain the corresponding facility information of mobile terminal device.
The processing module 11, specifically for adding the corresponding facility information of the mobile terminal device in request message
During, Proxy- state State attribute is acted on behalf of in addition in the request message, and in the Proxy-State attribute
It is middle to add the corresponding facility information of the mobile terminal device.
In the embodiment of the present invention, the request message is specially authentication request packet, and the response message is specially to authenticate
Response message;Alternatively, the request message is specially charging starting request message, the response message is specially that charging confirmation is rung
Answer message.
The corresponding facility information of the mobile terminal device specifically includes following one or any combination: it is described it is mobile eventually
The corresponding manufacturer's information of end equipment, type information, version number information, operation system information.
Wherein, the modules of apparatus of the present invention can integrate in one, can also be deployed separately.Above-mentioned module can close
And be a module, multiple submodule can also be further split into.
Through the above description of the embodiments, those skilled in the art can be understood that the present invention can be by
Software adds the mode of required general hardware platform to realize, naturally it is also possible to which by hardware, but in many cases, the former is more
Good embodiment.Based on this understanding, technical solution of the present invention substantially in other words contributes to the prior art
Part can be embodied in the form of software products, which is stored in a storage medium, if including
Dry instruction is used so that a computer equipment (can be personal computer, server or the network equipment etc.) executes this hair
Method described in bright each embodiment.It will be appreciated by those skilled in the art that attached drawing is the schematic diagram of a preferred embodiment,
Module or process in attached drawing are not necessarily implemented necessary to the present invention.It will be appreciated by those skilled in the art that in embodiment
Device in module can according to embodiment describe be distributed in the device of embodiment, corresponding change position can also be carried out
In the one or more devices for being different from the present embodiment.The module of above-described embodiment can be merged into a module, can also be with
It is further split into multiple submodule.The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.With
Upper disclosed several specific embodiments only of the invention, still, the present invention is not limited to this, any those skilled in the art
Member can think of variation should all fall into protection scope of the present invention.
Claims (8)
1. a kind of delivery method of security strategy, which is characterized in that the described method comprises the following steps:
The certificate server of roaming place obtains the corresponding facility information of mobile terminal device, and in the request report from access device
The corresponding facility information of the mobile terminal device is added in text;
Request message is sent to the certificate server of ownership place by the certificate server of the roaming place, is taken by the certification of ownership place
Business device determines the security strategy of the mobile terminal device using the facility information;
The certificate server of the roaming place receives the response message of the certificate server from the ownership place;Wherein, described
The security strategy of the mobile terminal device is carried in response message;
The security strategy of the mobile terminal device is handed down to access device by the certificate server of the roaming place, is connect by described
Enter security strategy described in equipment utilization and access control is carried out to the mobile terminal device;
The certificate server of the roaming place adds the mistake of the corresponding facility information of the mobile terminal device in request message
Journey specifically includes:
The certificate server of the roaming place adds in the request message acts on behalf of Proxy- state State attribute, and in institute
It states and adds the corresponding facility information of the mobile terminal device in Proxy-State attribute.
2. the method as described in claim 1, which is characterized in that the certificate server of the roaming place obtains mobile terminal device
The process of corresponding facility information, specifically includes:
The certificate server of the roaming place receives the finger print information from dynamic host configuration protocol DHCP server, and from institute
It states and obtains the corresponding facility information of mobile terminal device in finger print information;Alternatively,
The certificate server of the roaming place receives the finger print information from hypertext transfer protocol HTTP server, and from described
The corresponding facility information of mobile terminal device is obtained in finger print information.
3. the method according to claim 1, which is characterized in that the request message is specially certification request report
Text, the response message are specially authentication response message;Alternatively, the request message is specially charging starting request message, institute
Stating response message is specially charging confirmation response message.
4. the method according to claim 1, which is characterized in that the corresponding facility information of the mobile terminal device
Specifically include following one or any combination: the corresponding manufacturer's information of the mobile terminal device, type information, version number's letter
Breath, operation system information.
5. a kind of security strategy issues equipment, described to issue certificate server of the equipment as roaming place, which is characterized in that institute
The certificate server for stating roaming place specifically includes:
Processing module, for obtaining the corresponding facility information of mobile terminal device, and in the request message from access device
Add the corresponding facility information of the mobile terminal device;The processing module is specifically used in request message described in addition
During the corresponding facility information of mobile terminal device, Proxy- state State category is acted on behalf of in addition in the request message
Property, and the corresponding facility information of the mobile terminal device is added in the Proxy-State attribute;
Sending module is utilized for request message to be sent to the certificate server of ownership place by the certificate server of ownership place
The facility information determines the security strategy of the mobile terminal device;
Receiving module, for receiving the response message of the certificate server from the ownership place;Wherein, in the response message
Carry the security strategy of the mobile terminal device;
Module is issued, for the security strategy of the mobile terminal device to be handed down to access device, by the access device benefit
Access control is carried out to the mobile terminal device with the security strategy.
6. equipment as claimed in claim 5, which is characterized in that
The processing module is specifically used for receiving and coming automatically during acquisition mobile terminal device corresponding facility information
The finger print information of state host configuration Dynamic Host Configuration Protocol server, and obtain from the finger print information that mobile terminal device is corresponding to be set
Standby information;Alternatively, receiving the finger print information from hypertext transfer protocol HTTP server, and obtained from the finger print information
The corresponding facility information of mobile terminal device.
7. such as the described in any item equipment of claim 5-6, which is characterized in that the request message is specially certification request report
Text, the response message are specially authentication response message;Alternatively, the request message is charging starting request message, the sound
Answering message is that charging confirms response message.
8. such as the described in any item equipment of claim 5-6, which is characterized in that the corresponding facility information of the mobile terminal device
Specifically include following one or any combination: the corresponding manufacturer's information of the mobile terminal device, type information, version number's letter
Breath, operation system information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510070410.8A CN105991576B (en) | 2015-02-10 | 2015-02-10 | A kind of delivery method and equipment of security strategy |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510070410.8A CN105991576B (en) | 2015-02-10 | 2015-02-10 | A kind of delivery method and equipment of security strategy |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105991576A CN105991576A (en) | 2016-10-05 |
| CN105991576B true CN105991576B (en) | 2019-07-09 |
Family
ID=57041118
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510070410.8A Active CN105991576B (en) | 2015-02-10 | 2015-02-10 | A kind of delivery method and equipment of security strategy |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105991576B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106572112A (en) * | 2016-11-09 | 2017-04-19 | 北京小米移动软件有限公司 | Access control method and device |
| CN114629683B (en) * | 2022-02-11 | 2023-09-05 | 亚信科技(成都)有限公司 | Access method, device, equipment and storage medium of management server |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101272627A (en) * | 2008-04-30 | 2008-09-24 | 杭州华三通信技术有限公司 | Network access control method and apparatus for implementing roaming |
| CN101521885A (en) * | 2008-02-26 | 2009-09-02 | 华为技术有限公司 | Authority control method, system and equipment |
| US7937578B2 (en) * | 2002-11-14 | 2011-05-03 | Qualcomm Incorporated | Communications security methods for supporting end-to-end security associations |
| CN103354550A (en) * | 2013-07-03 | 2013-10-16 | 杭州华三通信技术有限公司 | Authorization control method and device based on terminal information |
| CN103369531A (en) * | 2013-07-02 | 2013-10-23 | 杭州华三通信技术有限公司 | Method and device for controlling authority based on terminal information |
-
2015
- 2015-02-10 CN CN201510070410.8A patent/CN105991576B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7937578B2 (en) * | 2002-11-14 | 2011-05-03 | Qualcomm Incorporated | Communications security methods for supporting end-to-end security associations |
| CN101521885A (en) * | 2008-02-26 | 2009-09-02 | 华为技术有限公司 | Authority control method, system and equipment |
| CN101272627A (en) * | 2008-04-30 | 2008-09-24 | 杭州华三通信技术有限公司 | Network access control method and apparatus for implementing roaming |
| CN103369531A (en) * | 2013-07-02 | 2013-10-23 | 杭州华三通信技术有限公司 | Method and device for controlling authority based on terminal information |
| CN103354550A (en) * | 2013-07-03 | 2013-10-16 | 杭州华三通信技术有限公司 | Authorization control method and device based on terminal information |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105991576A (en) | 2016-10-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103249045B (en) | A kind of methods, devices and systems of identification | |
| KR101243713B1 (en) | Wireless lan access point and method for accessing wireless lan | |
| CN103746812B (en) | A kind of access authentication method and system | |
| CN104767715B (en) | Access control method and equipment | |
| CN104254073B (en) | The method and device being authenticated to access terminal | |
| CN105357242B (en) | Access the method and system of WLAN, short message pushes platform, gate system | |
| CN103746983A (en) | Access authentication method and authentication server | |
| CN103200159B (en) | A kind of Network Access Method and equipment | |
| CN106921636A (en) | Identity identifying method and device | |
| CN107277812A (en) | A kind of wireless network authentication method and system based on Quick Response Code | |
| CN107529160A (en) | A kind of VoWiFi method for network access and system, terminal and wireless access points equipment | |
| CN107026813A (en) | Access authentication method, system and the portal server of WiFi network | |
| CN105450616B (en) | A kind of authentication method of terminal, accredited judgement gateway, certificate server and system | |
| CN105592180B (en) | A kind of method and apparatus of Portal certification | |
| CN105979521B (en) | The method of fat or thin WiFi AP unaware certification free Internet access | |
| CN106488453A (en) | A kind of method and system of portal certification | |
| CN105813072A (en) | Terminal authentication method, system and cloud server | |
| US9787678B2 (en) | Multifactor authentication for mail server access | |
| CN106658498A (en) | Portal approved quick roaming method and WiFi device | |
| CN101986598A (en) | Authentication method, server and system | |
| CN109769249A (en) | A kind of authentication method, system and its apparatus | |
| CN105991576B (en) | A kind of delivery method and equipment of security strategy | |
| CN107659935A (en) | A kind of authentication method, certificate server, network management system and Verification System | |
| CN107707560B (en) | Authentication method, system, network access equipment and Portal server | |
| CN102420808A (en) | Method for realizing single signon on telecom on-line business hall |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |